Denial of Service Attacks Detection on SCADA Network IEC 60870-5-104 using Machine Learning

M. M. Arifin, D. Stiawan, Susanto, J. Rejito, Mohd Yazid Bin Idris, R. Budiarto

Published in: 2021 8th International Conference on Electrical Engineering, Computer Science and Informatics (EECSI)
Publication date: 2021-10-20
DOI: https://doi.org/10.23919/eecsi53397.2021.9624255
Citations: 2

Abstract

SCADA was designed to be used in an isolated area; however, in modern SCADA, connection to the Internet has become essential due to performance and commercial needs. This extended interconnection creates new vulnerabilities in the SCADA network. One of the attacks that may result from the extended interconnection of SCADA networks to heterogeneous networks is the Denial of Service (DoS) attack. A DoS attack is launched by sending many messages from nodes. The development of easily accessible and simple DoS tools has increased the frequency of attacks, and the ease of access and use of these tools has reduced the level of expertise needed to launch an attack. This study uses a SCADA dataset that contains DoS attacks and runs the IEC 60870-5-104 protocol. Because this protocol is encapsulated into TCP/IP before being transmitted, detecting DoS attacks in SCADA networks that use the IEC 104 protocol is not much different from detecting them in a traditional computer network. This study implements three machine learning approaches, namely Decision Tree, Support Vector Machine, and Gaussian Naïve Bayes, to create an Intrusion Detection System (IDS) model that recognizes DoS attacks on the SCADA network. Experimental results show that the Decision Tree approach has the best detection performance on the Testing dataset and Training dataset, with an accuracy of 99.99% in all experiments.