{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,9]],"date-time":"2025-11-09T03:47:53Z","timestamp":1762660073749},"reference-count":25,"publisher":"Engineering and Technology Publishing","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["jcm"],"published-print":{"date-parts":[[2021]]},"abstract":"The intrusion detection system (IDS) is the main tool to do security monitoring that is one of the security strategies for the supervisory control and data acquisition (SCADA) system. In this paper, we develop an IDS based on the autoencoder deep learning model (AE-IDS) for the SCADA system. The target SCADA communication protocol of the detection model is the Distributed Network Protocol 3 (DNP3), which is currently the most commonly utilized communication protocol in the power substation. Cyberattacks that we consider are data injection or modification attacks, which are the most critical attacks in the SCADA systems. In this paper, we extracted 17 data features from DNP3 communication, and use them to train the autoencoder network. We measure accuracy and loss of detection and compare them with different supervised deep learning algorithms. The unsupervised AE-IDS model shows better performance than the other deep learning IDS models.<\/jats:p>","DOI":"10.12720\/jcm.16.6.210-216","type":"journal-article","created":{"date-parts":[[2021,5,25]],"date-time":"2021-05-25T06:41:01Z","timestamp":1621924861000},"page":"210-216","source":"Crossref","is-referenced-by-count":16,"title":["An Autoencoder-Based Network Intrusion Detection System for the SCADA System"],"prefix":"10.12720","author":[{"name":"Dept. of Computer Engineering, Myongji University, Yongin, R. of Korea","sequence":"first","affiliation":[]},{"given":"Mustafa","family":"Altaha","sequence":"first","affiliation":[]},{"given":"Jae-Myeong","family":"Lee","sequence":"additional","affiliation":[]},{"given":"Muhammad","family":"Aslam","sequence":"additional","affiliation":[]},{"given":"Sugwon","family":"Hong","sequence":"additional","affiliation":[]}],"member":"4977","published-online":{"date-parts":[[2021]]},"reference":[{"key":"ref0","doi-asserted-by":"publisher","unstructured":"[1] S. Hong, J. H. Lee, M. Altaha, and M. Aslam, \"Security monitoring and network management for the power control network,\" I. J. of Electrical and Electronic Engineering & Telecommunications, vol. 9, no. 5, pp. 356-363, Sep. 2020.","DOI":"10.18178\/ijeetc.9.5.356-363"},{"key":"ref1","doi-asserted-by":"publisher","unstructured":"[2] D. Bhamare, M. Zolanvari, A. Erbad, R. Jain, K. Khan, and N. Meskin, \"Cybersecurity for industrial control systems: A survey,\" Computers & Security, vol. 89, February 2020.","DOI":"10.1016\/j.cose.2019.101677"},{"key":"ref2","doi-asserted-by":"publisher","unstructured":"[3] Y. Hu, A. Yang, H. Li, Y. Sun, and L. Sun, \"A survey of intrusion detection on industrial control systems,\" I. J. of Distributed Sensor Networks, vol. 14, no. 8, 2018.","DOI":"10.1177\/1550147718794615"},{"key":"ref3","doi-asserted-by":"publisher","unstructured":"[4] A. Volkova, M. Niedermeiser, R. Basmadjian, and H. de Meer, \"Security challenge in control network protocols: A survey,\" IEEE Communications Surveys & Tutorials, vol. 21, no. 1, 2019.","DOI":"10.1109\/COMST.2018.2872114"},{"key":"ref4","doi-asserted-by":"publisher","unstructured":"[5] H. Liu and B. Lang, \"Machine learning and deep learning methods for intrusion detection systems: A survey,\" Applied Sciences vol. 9, p. 4396, Oct. 2019.","DOI":"10.3390\/app9204396"},{"key":"ref5","doi-asserted-by":"publisher","unstructured":"[6] A. M. Aleesa, B. B. Zaidan, A. A. Zaidan, and N. M. Sahar, \"Review of intrusion detection systems based on deep learning techniques: Coherent taxonomy, challenges, motivations, recommendations, substantial analysis and future direction,\" Neural Computing and Application, vol. 32, pp. 8827-9858, Oct. 2019.","DOI":"10.1007\/s00521-019-04557-3"},{"key":"ref6","unstructured":"[7] B. Chalapathy and S. Chawla. (Jan. 2019). Deep Learning for Anomaly Detection: A Survey. [Online]. Available: https:\/\/arxiv.org\/abs\/1901.03407"},{"key":"ref7","unstructured":"[8] Y. Luo, Y. Xiao, L. Cheng, G. Peng, and D. Yao. (Mar. 2020). Deep learning-based anomaly detection in cyber-physical systems: Progress and opportunities. [Online]. Available: https:\/\/arxiv.org\/abs\/2003.13213"},{"key":"ref8","doi-asserted-by":"publisher","unstructured":"[9] R. L. Perez, F. Adamsky, R. Soua, and T. Engel, \"Forget the myth of the air gap: Machine learning for reliable intrusion detection in SCADA systems,\" EAI Endorsed Trans. on Security and Safety, vol. 6, no. 19, 2019.","DOI":"10.4108\/eai.25-1-2019.159348"},{"key":"ref9","doi-asserted-by":"publisher","unstructured":"[10] H. Yang, L. Cheng, and M. C. Chuah, \"Deep-Learning-Based network intrusion detection for SCADA systems,\" in Proc. IEEE Conference on Communications and Network Security (CNS), June 2019.","DOI":"10.1109\/CNS.2019.8802785"},{"key":"ref10","unstructured":"[11] A. Hijazi, E. A. Safadi, and J. M. Flaus, \"A deep learning approach for intrusion detection system in industry network,\" in Proc. Int'l Conference on Big Data and Cybersecurity Intelligence, Beirut, Lebanon, 2019."},{"key":"ref11","doi-asserted-by":"publisher","unstructured":"[12] C. Wang, B. Wang, H. Liu, and H. Qu, \"Anomaly detection for industrial control system based on autoencoder neural network,\" Hindawi Wireless Communications and Mobile Computing, vol. 2020, Aug. 2020.","DOI":"10.1155\/2020\/8897926"},{"key":"ref12","unstructured":"[13] M. Charib, S. H. Dastgerdi, and M. Sabokron. (Nov. 2019). AutoIDS: Auto-encoder Based Method for Intrusion Detection System. [Online]. Available: https:\/\/arxiv.org\/pdf\/1911.03306.pdf"},{"key":"ref13","doi-asserted-by":"publisher","unstructured":"[14] F. Farahnakian and J. Heikkonen, \"A deep auto-encoder based approach for intrusion detection system,\" in Proc. Int'l Conf. on Advanced Communication Technology (ICACT), Feb. 2018.","DOI":"10.23919\/ICACT.2018.8323687"},{"key":"ref14","unstructured":"[15] IEEE Standard for Electric Power Systems Communications Distributed Network Protocol (DNP3), IEEE Standard Association, IEEE Std 1815-2012."},{"key":"ref15","unstructured":"[16] OpenDNP3. [Online]. Available: https:\/\/www.automatak.com\/opendnp3"},{"key":"ref16","unstructured":"[17] W. Chris, GNS3 Network Simulation Guide, 1st ed. Packt Publ., 2013."},{"key":"ref17","doi-asserted-by":"publisher","unstructured":"[18] S. East, J. Butts, M. Papa, and S. Shenoi, \"A taxonomy of attacks on the DNP3 protocol,\" in Critical Infrastructure Protection III, Springer, Berlin, Heidelberg, March, 2009, pp. 67-81.","DOI":"10.1007\/978-3-642-04798-5_5"},{"key":"ref18","doi-asserted-by":"publisher","unstructured":"[19] D. Formby, A. Walid, and R. Beyah, \"A case study in power substation network dynamics,\" Proc. the ACM on Measurement and Analysis of Computing Systems, vol. 1, no. 1, June 2017.","DOI":"10.1145\/3084456"},{"key":"ref19","doi-asserted-by":"publisher","unstructured":"[20] S. S. Jung, D. Formby, C. Day, and R. Beyah, \"A first look at machine-to-machine power grid network traffic,\" in Proc. IEEE Int'l Conf. on Smart Grid Communications, Nov. 2014.","DOI":"10.1109\/SmartGridComm.2014.7007760"},{"key":"ref20","doi-asserted-by":"publisher","unstructured":"[21] M. Altaha, J. H. Lee., M. Aslam, and S. Hong, \"Network intrusion detection based on deep neural networks for the SCADA system,\" Journal of Physics: Conference Series, vol. 1585, July 2020. [22] H. Zhang, T. W. Weng, P. Y. Chen, C. J. Hsieh, and L. Daniel, \"Efficient neural network robustness certification with general activation functions,\" in Advances in neural Information Processing Systems, 2018, pp. 4939-4948.","DOI":"10.1088\/1742-6596\/1585\/1\/012038"},{"key":"ref21","unstructured":"[23] Linux, Kali. [Online]. Available: https:\/\/www.kali.org"},{"key":"ref22","unstructured":"[24] hping3, [Online]. Available: http:\/\/www.hping.org\/"},{"key":"ref23","unstructured":"[25] Arpspoof, [Online]. https:\/\/linux.die.net\/man\/8\/arpspoof"},{"key":"ref24","unstructured":"[26] Scapy, [Online]. Available: http:\/\/www.secdev.org\/projects\/scapy"}],"container-title":["Journal of Communications"],"original-title":[],"link":[{"URL":"http:\/\/www.jocm.us\/uploadfile\/2021\/0521\/20210521035446846.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,11,25]],"date-time":"2021-11-25T06:03:20Z","timestamp":1637820200000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.jocm.us\/show-256-1659-1.html"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"references-count":25,"URL":"https:\/\/doi.org\/10.12720\/jcm.16.6.210-216","relation":{},"ISSN":["2374-4367"],"issn-type":[{"type":"print","value":"2374-4367"}],"subject":[],"published":{"date-parts":[[2021]]}}}