Lightweight Testbed for Cybersecurity Experiments in SCADA-based Systems
Title | Lightweight Testbed for Cybersecurity Experiments in SCADA-based Systems |
Publication Type | Conference Paper |
Year of Publication | 2020 |
Authors | Khan, M., Rehman, O., Rahman, I. M. H., Ali, S. |
Conference Name | 2020 International Conference on Computing and Information Technology (ICCIT-1441) |
Date Published | Sept. 2020 |
Publisher | IEEE |
ISBN Number | 978-1-7281-2680-7 |
Keywords | ARP Spoofing, computer network security, computer security, container-based SCADA testbed, Containers, critical infrastructure, critical infrastructures, cyber physical systems, cyber-attacks, cybersecurity experiments, Docker, experimental testbeds, financial damages, interoperable platform, learning (artificial intelligence), machine learning, man in the middle attack, MITM Attack, network classification model, Network reconnaissance, network scanning, network traffic, Open area test sites, pattern classification, physical damages, Protocols, pubcrawl, reconnaissance attack, resilience, Resiliency, SCADA, SCADA systems, SCADA-based Systems, Scalability, telecommunication traffic, testbed |
Abstract | A rapid rise in cyber-attacks on Cyber Physical Systems (CPS) has been observed in the last decade. It becomes even more concerning that several of these attacks were on critical infrastructures and indeed succeeded, resulting in significant physical and financial damages. Experimental testbeds capable of providing a flexible, scalable and interoperable platform for executing various cybersecurity experiments are highly needed by all stakeholders. A container-based SCADA testbed is presented in this work as a potential platform for executing cybersecurity experiments. Through this testbed, network traffic containing ARP spoofing is generated, which represents a Man in the Middle (MITM) attack. While doing so, scanning of different systems within the network is performed, which represents a reconnaissance attack. The network traffic generated by both ARP spoofing and network scanning is captured and further used for preparing a dataset. The dataset is utilized for training a network classification model through a machine learning algorithm. Performance of the trained model is evaluated through a series of tests where promising results are obtained. |
URL | https://ieeexplore.ieee.org/document/9213791/ |
DOI | 10.1109/ICCIT-144147971.2020.9213791 |
Citation Key | khan_lightweight_2020 |