Title: Structured Defense Model Against DNP3-Based Critical Infrastructure Attacks
Author: Erdal Ozdogan
Journal: Arabian Journal for Science and Engineering (published by King Fahd University of Petroleum & Minerals with Springer), Volume: 100 1
Publication type: Journal Article
Publication date: 2024-09-14
DOI: https://doi.org/10.1007/s13369-024-09577-3
Journal impact factor: 2.9; JCR: Q1 (Multidisciplinary); Region category: comprehensive journal
Open access: no
Indexed on: Semanticscholar
Citations: 0
Abstract
Critical infrastructures encompass the essential systems required to operate various sectors, including energy, water, communication, finance, health, and transportation. Attacks on these infrastructures are becoming more sophisticated and more organized. A frequently targeted protocol within these critical infrastructures is the Distributed Network Protocol 3 (DNP3). This study developed a Machine Learning-supported Intrusion Detection System to identify attacks on DNP3 networks. The research utilized a current and balanced dataset containing DNP3 traffic from critical infrastructures. A model with two defense lines, mirroring the structure of the attacks, was proposed: detecting reconnaissance attacks early is intended to prevent the attacks that follow them. In the first defense line, reconnaissance attacks are identified using Extreme Gradient Boosting. In the second defense line, attacks on critical infrastructures are classified with the support of artificial neural networks. In the study's first phase, the model achieved high accuracy in detecting reconnaissance attacks. In the second phase, the model achieved approximately 99% accuracy in detecting attacks and around 98% average success in classification. When its ability to detect unknown attacks was evaluated, the model achieved 96% accuracy.
Journal description:
King Fahd University of Petroleum & Minerals (KFUPM) partnered with Springer to publish the Arabian Journal for Science and Engineering (AJSE).
AJSE, which has been published by KFUPM since 1975, is a recognized national, regional and international journal that provides a great opportunity for the dissemination of research advances from the Kingdom of Saudi Arabia, MENA and the world.