Structured Defense Model Against DNP3-Based Critical Infrastructure Attacks

Impact factor 2.9, CAS Zone 4 (multidisciplinary journals), JCR Q1 Multidisciplinary. Arabian Journal for Science and Engineering. Pub Date: 2024-09-14. DOI: 10.1007/s13369-024-09577-3
Erdal Ozdogan
Citations: 0

Abstract

Critical infrastructures encompass the essential systems required to operate various sectors, including energy, water, communication, finance, health, and transportation. The sophistication and organization of attacks on these infrastructures are escalating. A frequently targeted protocol within these critical infrastructures is the Distributed Network Protocol 3 (DNP3). This study developed a Machine Learning-supported Intrusion Detection System to identify attacks on DNP3 networks. The research utilized a current and balanced dataset containing DNP3 traffic from critical infrastructures. A model incorporating two defense lines, reflecting the structure of the attacks, was proposed. Early detection of reconnaissance attacks is intended to prevent the attacks that follow them. Reconnaissance attacks are identified in the first defense line using Extreme Gradient Boosting, while attacks on critical infrastructures are classified in the second defense line with the support of artificial neural networks. In the study's first phase, the model achieved high accuracy in detecting reconnaissance attacks. In the second phase, the model achieved approximately 99% accuracy in detecting attacks and around 98% average success in classification. The model achieved 96% accuracy when its ability to detect unknown attacks was evaluated.
