Article

A Two Stage Intrusion Detection System for Industrial Control Networks Based on Ethernet/IP

Department of Automation, Key Laboratory of System Control and Information Processing, Ministry of Education of China, Shanghai Jiao Tong University, Shanghai 200240, China
*
Author to whom correspondence should be addressed.
Electronics 2019, 8(12), 1545; https://doi.org/10.3390/electronics8121545
Received: 25 October 2019 / Revised: 11 December 2019 / Accepted: 12 December 2019 / Published: 15 December 2019
(This article belongs to the Special Issue Advanced Cybersecurity Services Design)
Standard Ethernet (IEEE 802.3 and the TCP/IP protocol suite) is gradually being applied in industrial control systems (ICSs) with the development of information technology. It breaks the natural isolation of ICSs, but contains no security mechanisms. Modern ICSs therefore need an improved intrusion detection system (IDS) that is strongly correlated to specific industrial scenarios. On the one hand, this paper outlines three kinds of attack models: infiltration attacks, creative forging attacks, and false data injection attacks. On the other hand, it proposes a two stage IDS that contains a traffic prediction model and an anomaly detection model. The traffic prediction model, which is based on the autoregressive integrated moving average (ARIMA), forecasts the traffic of the ICS network in the short term and detects infiltration attacks precisely from abnormal changes in traffic patterns. The anomaly detection model, which uses a one class support vector machine (OCSVM), detects malicious control instructions by analyzing the key field in Ethernet/IP packets. The confusion matrix is used to verify the effectiveness of the proposed method, and two other innovative IDSs are used for comparison. The experimental results show that the proposed two stage IDS achieves outstanding performance in detecting infiltration attacks, forging attacks, and false data injection attacks compared with the other IDSs.
Keywords: intrusion detection; Ethernet/IP; industrial control networks
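The first stage described in the abstract (forecast short-term traffic, then flag abnormal deviations) can be sketched as follows. This is an added example, not the authors' code: the ARIMA(1,1,0) order, the least-squares fit, the `k` and `floor` thresholds, the function names and the packets-per-second samples are all assumptions, since this page does not give the paper's model order or decision rule.

```python
"""Added example: stage-one traffic check using a minimal ARIMA(1,1,0)."""
from statistics import pstdev

# Constructed packets-per-second counts for a cyclic polling network (not from the paper).
TRAIN = [120, 124, 121, 125, 120, 123, 121, 124,
         119, 124, 120, 125, 121, 124, 120, 124]
# Constructed live window: samples 4 and 5 carry extra traffic from an unexpected host.
LIVE = [121, 124, 120, 125, 139, 142, 121, 124]


def fit_arima_110(series):
    """Least-squares fit of d_t = phi * d_(t-1) + e_t, with d_t = y_t - y_(t-1)."""
    d = [b - a for a, b in zip(series, series[1:])]   # the "I": first difference
    num = sum(prev * cur for prev, cur in zip(d, d[1:]))
    den = sum(prev * prev for prev in d[:-1])
    phi = num / den if den else 0.0                   # the "AR" coefficient
    resid = [cur - phi * prev for prev, cur in zip(d, d[1:])]
    return phi, pstdev(resid)                         # sigma of one-step errors


def forecast_next(history, phi):
    """One-step-ahead forecast from the last two accepted samples."""
    return history[-1] + phi * (history[-1] - history[-2])


def detect(train, live, k=3.0, floor=1.0):
    """Return (index, observed, predicted) for samples outside k * sigma.

    k and floor are assumed values; floor keeps the band from collapsing
    when the training traffic is almost perfectly regular.
    """
    phi, sigma = fit_arima_110(train)
    limit = k * max(sigma, floor)
    history, alerts = list(train), []
    for i, observed in enumerate(live):
        predicted = forecast_next(history, phi)
        if abs(observed - predicted) > limit:
            alerts.append((i, observed, round(predicted, 1)))
            history.append(predicted)   # do not let flagged samples steer the forecast
        else:
            history.append(observed)
    return alerts


if __name__ == "__main__":
    for idx, seen, expected in detect(TRAIN, LIVE):
        print(f"sample {idx}: observed {seen} pkt/s, forecast {expected} pkt/s")
```

Substituting the forecast for a flagged sample keeps a sustained burst from being absorbed into the baseline, at the cost of the forecast drifting if the traffic level has legitimately changed.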
MDPI and ACS Style

Yu, W.; Wang, Y.; Song, L. A Two Stage Intrusion Detection System for Industrial Control Networks Based on Ethernet/IP. Electronics 2019, 8, 1545. https://doi.org/10.3390/electronics8121545

AMA Style

Yu W, Wang Y, Song L. A Two Stage Intrusion Detection System for Industrial Control Networks Based on Ethernet/IP. Electronics. 2019; 8(12):1545. https://doi.org/10.3390/electronics8121545

Chicago/Turabian Style

Yu, Wenbin, Yiyin Wang, and Lei Song. 2019. "A Two Stage Intrusion Detection System for Industrial Control Networks Based on Ethernet/IP" Electronics 8, no. 12: 1545. https://doi.org/10.3390/electronics8121545
