Attacking and Defending DNP3 ICS/SCADA Systems

The highly beneficial contribution of intelligent systems in the industrial domain is undeniable. Automation, supervision, remote control, and fault reduction are some of the various advantages new technologies offer. A protocol demonstrating high utility in industrial settings, and specifically, in smart grids, is Distributed Network Protocol 3 (DNP3), a multi-tier, application layer protocol. Notably, multiple industrial protocols are not as securely designed as expected, considering the highly critical operations occurring in their application domain. In this paper, we explore the internal vulnerabilities-by-design of DNP3, and proceed with the implementation of the attacks discovered, demonstrated through 8 DNP3 attack scenarios. Finally, we design and demonstrate a Deep Neural Network (DNN)-based, multi-model Intrusion Detection Systems (IDS), trained with our experimental network flow cyberattack dataset, and compare our solution with multiple machine learning algorithms used for classification. Our solution demonstrates a high efficiency in the classification of DNP3 cyberattacks, showing an accuracy of 99.0%.