Cybersecurity of industrial control systems (ICS) is an essential research area due to increasing critical asset-targeted cyberattacks and their potential severe consequences. Current intrusion detection systems (IDS) are primarily based on network traffic monitoring, which may be not sufficient for detecting comprehensive and carefully prepared cyberattacks. In this situation, the combination of empirical monitoring with statistical anomaly detection technique is a promising and feasible approach to early detection of ICS cyberattack that takes advantage of numerous and various sensors used in industry; this may provide a complementary approach to traditional network-based intrusion detection to improve coverage of detectable cyberattacks. The motivation of this study is to generate ICS intrusion data to study the use of empirical models for ICS cybersecurity. In this paper, a real-time ICS test bed, which includes a physical two-loop forced flow system, LabVIEW-based supervisory control and data acquisition (SCADA) system, and Kali Linux-incorporated cyber network that conducts attacks within the local area network (LAN), is deployed to generate relevant data. Three cyberattacks scenarios are carried out in this paper, including packets sniffing with man-in-the-middle (MITM) attack; denial-of-service (DoS) attack to SCADA slave with spoofed IP address; and change command with spoofed SCADA master by MITM attack. Physical process data, including field sensor data, which represents industrial process data, are collected by the LabVIEW-based SCADA system. Network communication data are collected with Wireshark. The significance of this test bed is providing both industrial process data and network communication data of normal and under-attack situation, which will be useful in future empirical model based intrusion detection analysis. Future works will focus on improving the ICS test bed through integrating industrial protocols and collect more intrusion data for studying IDS.
展开▼
