TY - GEN
T1 - Lightweight Testbed for Cybersecurity Experiments in SCADA-based Systems
AU - Khan, Mohsin
AU - Rehman, Osama
AU - Rahman, Ibrahim M.H.
AU - Ali, Saqib
N1 - Publisher Copyright:
© 2020 IEEE.
PY - 2020/9/9
Y1 - 2020/9/9
AB - A rapid rise in cyber-attacks on Cyber Physical Systems (CPS) has been observed in the last decade. It is even more concerning that several of these attacks targeted critical infrastructures, succeeded, and resulted in significant physical and financial damage. Experimental testbeds capable of providing a flexible, scalable and interoperable platform for executing various cybersecurity experiments are highly needed by all stakeholders. A container-based SCADA testbed is presented in this work as a potential platform for executing cybersecurity experiments. Through this testbed, network traffic containing ARP spoofing is generated that represents a man-in-the-middle (MITM) attack. While doing so, scanning of different systems within the network is performed, which represents a reconnaissance attack. The network traffic generated by both ARP spoofing and network scanning is captured and further used for preparing a dataset. The dataset is utilized for training a network classification model through a machine learning algorithm. Performance of the trained model is evaluated through a series of tests where promising results are obtained.
KW - ARP spoofing
KW - Docker
KW - Reconnaissance attack
KW - SCADA
KW - Testbed
UR - http://www.scopus.com/inward/record.url?scp=85098462834&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85098462834&partnerID=8YFLogxK
U2 - 10.1109/ICCIT-144147971.2020.9213791
DO - 10.1109/ICCIT-144147971.2020.9213791
M3 - Conference contribution
AN - SCOPUS:85098462834
T3 - 2020 International Conference on Computing and Information Technology, ICCIT 2020
BT - 2020 International Conference on Computing and Information Technology, ICCIT 2020
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2020 International Conference on Computing and Information Technology, ICCIT 2020
Y2 - 9 September 2020 through 10 September 2020
ER -