Stiawan, Deris (2022) Malicious Activity Recognition on SCADA Network IEC 60870-5-104 Protocol (Similarity). Ithenticate Universitas sriwijaya. (Submitted)
Preview |
Text
Malicious_Activity_Recognition_on_SCADA_Network_IE.pdf Download (2MB) | Preview |
Abstract
SCADA (Supervisory Control Acquisition Data) has extended to a heterogeneous network, makes it opens to any type of internet attack/malicious activity. Malicious activities in the SCADA network may disrupt the control and monitoring process of industrial equipment. These activities can be in the form of Unauthorized Access, Port Scanning, and SYN flood. Each Malicious Activity has features that can be a way to identify it. This paper attempts to investigate the malicious activities in the SCADA network running the IEC 60870-5-104 protocol. Raw traffic data from the SCADA network were recorded in pcap format. Next, by using Snort and Suricata software the characteristics of malicious activities are identified, and then observed using Wireshark software. The observation will produce attacks haracteristics/ features. The malicious activities in the SCADA network traffic records revealed in this study are SYN Flood, Port Scan, Unauthorized Access and Invalid data on CoT (Cause of Transmission) packets. Knowing these features will help to classify or to identify the attacks. In turn, the recognized features of the SCADA traffic network can be used to develop a machine learning model as a classifier engine in an intrusion detection system (IDS).
Item Type: | Other |
---|---|
Subjects: | T Technology > T Technology (General) > T58.6-58.62 Management information systems > T58.62 Decision support systems Cf. HD30.213 Industrial management #3 Repository of Lecturer Academic Credit Systems (TPAK) > Results of Ithenticate Plagiarism and Similarity Checker |
Divisions: | 09-Faculty of Computer Science > 56201-Computer Systems (S1) |
Depositing User: | Dr. Deris Stiawan |
Date Deposited: | 26 Nov 2022 06:55 |
Last Modified: | 26 Nov 2022 06:55 |
URI: | http://repository.unsri.ac.id/id/eprint/82332 |
Actions (login required)
View Item |