ºÝºÝߣ

ºÝºÝߣShare a Scribd company logo

An Open Framework for Deploying Experimental SCADA Testbed Networks

?
?
P
pgmaynard

This document outlines an open framework for deploying experimental SCADA testbed networks. It provides a high-level overview of the framework, which uses virtual machines to simulate SCADA networks for testing intrusion detection systems and generating packet datasets. The framework aims to provide reproducible, scalable testbeds that accurately model industrial control systems domains and protocols. Ongoing and future work includes integrating process simulators, simplifying deployment, and exploring alternative network configurations like testbed federation and cloud-based implementations.

1 of 14
Download to read offline
An Open Framework for Deploying Experimental SCADA Testbed Networks Peter Maynard, Kieran McLaughlin, and Sakir Sezer August, 2018 Queen¡¯s University Belfast ? CSIT 1 / 14
Outline ? Background ? High-Level Overview of Framework ? Tooling ? Ongoing/Future Work 2 / 14
About Myself ? Research Assistant, at Queen¡¯s University Belfast, CSIT ? PhD 4 years ICS Network-IDS ? Research Engineer, at Southampton University, UK ? 5G Networks ? Computer Science BSc, at Aberystwyth University, UK 3 / 14
Introduction ? Framework for creating virtualised SCADA networks ? Developed for packet generation for NIDS ? Open Source (GPLv3) 4 / 14
Related Work ? IDS networking datasets (e.g. KDD¡¯99) ? Lack of reproducible ICS/SCADA testbeds ? Lack of IEC 60870-5-104 protocol support 5 / 14
Use Cases TestBed ? Packet Generation ? Attack Simulations ? Agent Benchmarking ? Extending Limited Hardware 6 / 14
Requirements of a TestBed ? Reproducible ? Scalability ? Domain Fidelity ? Process Simulation ? Network Emulation ? Physical Network ? Physical Devices ? Multi-Protocol 7 / 14
High-Level Overview of Framework VM RTU/HMI/... a) Compilation Stage Node Image Build Provision SRC Configuration Profile 1) CreateBaseImage() 3.1) ConfigureBaseImage() 3.3) InstallPackages() 2) CompileSource() 3.2) LoadConfig() b) Orchestration Stage Deploy Operational ProfileProvision ConfigureStart 4) BootUpVirtualMachine() 5.1) AsignIP() 5.2) LoadConfig()5.3) StartServices() c) Operation Stage Control VM SSH/Console/Telnet Manage Shutdown Testbed 6) Monitor() 8 / 14
Tooling 9 / 14
Example Network DNS DHCP RTURTU RTU RTURTU Switch Process Simulator HMI Historian DB IEC104 IEC104 IEC104 IEC104 STP DHCP DNS IEC104 OPC UA Sockets Key Virtual Physical 10 / 14
Dataset ? Network Reconnaissance ? IEC104 Command Injection ? 192K Packet Dataset 11 / 14
Ongoing Work ? Integration Process Simulators ? Implementing additional operation/con?guration pro?les ? Simplify deployment ? Expand documentation 12 / 14
Future Work ? Testbed Federation ? Auto con?guration of networking equipment ? Amazon Web Services (AWS) and Google Compute Engine ? Experimentation with alternative network paradigms 13 / 14
End ? www: petermaynard.co.uk ? twitter: @pgmaynad ? email: p.maynard@qub.ac.uk ? git: https://github.com/PMaynard/ ICS-TestBed-Framework ? dataset: https://dx.doi.org/10.6084/ m9.figshare.6133457.v1 14 / 14

More Related Content

An Open Framework for Deploying Experimental SCADA Testbed Networks

  • 1. An Open Framework for Deploying Experimental SCADA Testbed Networks Peter Maynard, Kieran McLaughlin, and Sakir Sezer August, 2018 Queen¡¯s University Belfast ? CSIT 1 / 14
  • 2. Outline ? Background ? High-Level Overview of Framework ? Tooling ? Ongoing/Future Work 2 / 14
  • 3. About Myself ? Research Assistant, at Queen¡¯s University Belfast, CSIT ? PhD 4 years ICS Network-IDS ? Research Engineer, at Southampton University, UK ? 5G Networks ? Computer Science BSc, at Aberystwyth University, UK 3 / 14
  • 4. Introduction ? Framework for creating virtualised SCADA networks ? Developed for packet generation for NIDS ? Open Source (GPLv3) 4 / 14
  • 5. Related Work ? IDS networking datasets (e.g. KDD¡¯99) ? Lack of reproducible ICS/SCADA testbeds ? Lack of IEC 60870-5-104 protocol support 5 / 14
  • 6. Use Cases TestBed ? Packet Generation ? Attack Simulations ? Agent Benchmarking ? Extending Limited Hardware 6 / 14
  • 7. Requirements of a TestBed ? Reproducible ? Scalability ? Domain Fidelity ? Process Simulation ? Network Emulation ? Physical Network ? Physical Devices ? Multi-Protocol 7 / 14
  • 8. High-Level Overview of Framework VM RTU/HMI/... a) Compilation Stage Node Image Build Provision SRC Configuration Profile 1) CreateBaseImage() 3.1) ConfigureBaseImage() 3.3) InstallPackages() 2) CompileSource() 3.2) LoadConfig() b) Orchestration Stage Deploy Operational ProfileProvision ConfigureStart 4) BootUpVirtualMachine() 5.1) AsignIP() 5.2) LoadConfig()5.3) StartServices() c) Operation Stage Control VM SSH/Console/Telnet Manage Shutdown Testbed 6) Monitor() 8 / 14
  • 10. Example Network DNS DHCP RTURTU RTU RTURTU Switch Process Simulator HMI Historian DB IEC104 IEC104 IEC104 IEC104 STP DHCP DNS IEC104 OPC UA Sockets Key Virtual Physical 10 / 14
  • 11. Dataset ? Network Reconnaissance ? IEC104 Command Injection ? 192K Packet Dataset 11 / 14
  • 12. Ongoing Work ? Integration Process Simulators ? Implementing additional operation/con?guration pro?les ? Simplify deployment ? Expand documentation 12 / 14
  • 13. Future Work ? Testbed Federation ? Auto con?guration of networking equipment ? Amazon Web Services (AWS) and Google Compute Engine ? Experimentation with alternative network paradigms 13 / 14
  • 14. End ? www: petermaynard.co.uk ? twitter: @pgmaynad ? email: p.maynard@qub.ac.uk ? git: https://github.com/PMaynard/ ICS-TestBed-Framework ? dataset: https://dx.doi.org/10.6084/ m9.figshare.6133457.v1 14 / 14