{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,30]],"date-time":"2025-10-30T22:39:19Z","timestamp":1761863959746,"version":"build-2065373602"},"reference-count":15,"publisher":"MDPI AG","issue":"1","license":[{"start":{"date-parts":[[2019,1,15]],"date-time":"2019-01-15T00:00:00Z","timestamp":1547510400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["MAKE"],"abstract":"<jats:p>The Distributed Network Protocol (DNP3) is predominately used by the electric utility industry and, consequently, in smart grids. The Peekaboo attack was created to compromise DNP3 traffic, in which a man-in-the-middle on a communication link can capture and drop selected encrypted DNP3 messages by using support vector machine learning algorithms. The communication networks of smart grids are an important part of their infrastructure, so it is of critical importance to keep this communication secure and reliable. The main contribution of this paper is to compare the use of machine learning techniques to classify messages of the same protocol exchanged in encrypted tunnels. The study considers four simulated cases of encrypted DNP3 traffic scenarios and four different supervised machine learning algorithms: Decision tree, nearest-neighbor, support vector machine, and naive Bayes. 
The results obtained show that it is possible to extend a Peekaboo attack over multiple substations, using a decision tree learning algorithm, and to gather significant information from a system that communicates using encrypted DNP3 traffic.<\/jats:p>","DOI":"10.3390\/make1010022","type":"journal-article","created":{"date-parts":[[2019,1,16]],"date-time":"2019-01-16T03:09:13Z","timestamp":1547608153000},"page":"384-399","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":22,"title":["Encrypted DNP3 Traffic Classification Using Supervised Machine Learning Algorithms"],"prefix":"10.3390","volume":"1","author":[{"given":"Thais Rodriguez","family":"de Toledo","sequence":"first","affiliation":[{"name":"Center of Mathematics, Computing and Cognition, Federal University of ABC, Campus S\u00e3o Bernardo do Campo, S\u00e3o Paulo 09606-070, Brazil"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1273-7152","authenticated-orcid":false,"given":"Nunzio Marco","family":"Torrisi","sequence":"additional","affiliation":[{"name":"Center of Mathematics, Computing and Cognition, Federal University of ABC, Campus S\u00e3o Bernardo do Campo, S\u00e3o Paulo 09606-070, Brazil"}]}],"member":"1968","published-online":{"date-parts":[[2019,1,15]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"1344","DOI":"10.1016\/j.comnet.2012.12.017","article-title":"Survey Cyber Security in the Smart Grid: Survey and Challenges","volume":"57","author":"Wang","year":"2013","journal-title":"Comput. Netw."},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"38","DOI":"10.1145\/2591056.2591060","article-title":"Evaluation of Security Solutions in the SCADA Environment","volume":"45","author":"Larkin","year":"2014","journal-title":"SIGMIS Database"},{"key":"ref_3","unstructured":"Institute of Electrical and Electronics Engineers (2012). 
IEEE Standard for Electric Power Systems Communications 1815\u20132012, Institute of Electrical and Electronics Engineers."},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Clarke, G., Reynders, D., and Wright, E. (2004). Practical Modern SCADA Protocols, Newnes. [1st ed.].","DOI":"10.1016\/B978-075065799-0\/50030-9"},{"key":"ref_5","unstructured":"Cai, J., Zhang, Z., and Song, X. (2010, January 11\u201314). An analysis of UDP traffic classification. Proceedings of the 2010 12th IEEE International Conference on Communication Technology, Nanjing, China."},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Torrisi, N., Vukovic, O., Dan, G., and Hagdahl, S. (2014, January 3\u20136). Peekaboo: A gray hole attack on encrypted SCADA communication using traffic analysis. Proceedings of the 2014 IEEE International Conference on Smart Grid Communications (SmartGridComm), Venice, Italy.","DOI":"10.1109\/SmartGridComm.2014.7007763"},{"key":"ref_7","first-page":"2","article-title":"The Efficacy and Challenges of SCADA and Smart Grid Integration","volume":"1","author":"Cardwell","year":"2013","journal-title":"J. Cyber Secur. Inf. Syst."},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"62","DOI":"10.1109\/MIAS.2009.935500","article-title":"Ten Steps to a Smarter Grid","volume":"16","author":"Collier","year":"2010","journal-title":"IEEE Ind. Appl. Mag."},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"72","DOI":"10.1016\/j.istr.2006.03.004","article-title":"A Cryptographic Tour of the IPsec Standards","volume":"11","author":"Paterson","year":"2006","journal-title":"Inf. Secur. Tech. Rep."},{"key":"ref_10","unstructured":"Stallings, W. (2013). Cryptography and Network Security: Principles and Practice, Prentice Hall Press. [6th ed.]."},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Tan, X., Su, X., and Qian, Q. (2011, January 9\u201311). The classification of SSH tunneled traffic using maximum likelihood classifier. 
Proceedings of the 2011 International Conference on Electronics, Communications and Control (ICECC), Ningbo, China.","DOI":"10.1109\/ICECC.2011.6066732"},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Fratta, L., Schulzrinne, H., Takahashi, Y., and Spaniol, O. (2009). Real Time Identification of SSH Encrypted Application Flows by Using Cluster Analysis Techniques. NETWORKING 2009: 8th International IFIP-TC 6 Networking Conference, Springer.","DOI":"10.1007\/978-3-642-01399-7"},{"key":"ref_13","unstructured":"Rezaei, S., and Liu, X. (arXiv, 2018). Deep Learning for Encrypted Traffic Classification: An Overview, arXiv."},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"10","DOI":"10.1145\/1656274.1656278","article-title":"The WEKA Data Mining Software: An Update","volume":"11","author":"Hall","year":"2009","journal-title":"SIGKDD Explor."},{"key":"ref_15","unstructured":"Witten, I.H., and Frank, E. (2005). Data Mining, Elsevier. [2nd ed.]."}],"container-title":["Machine Learning and Knowledge Extraction"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2504-4990\/1\/1\/22\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T12:26:10Z","timestamp":1760185570000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2504-4990\/1\/1\/22"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,1,15]]},"references-count":15,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2019,3]]}},"alternative-id":["make1010022"],"URL":"https:\/\/doi.org\/10.3390\/make1010022","relation":{},"ISSN":["2504-4990"],"issn-type":[{"type":"electronic","value":"2504-4990"}],"subject":[],"published":{"date-parts":[[2019,1,15]]}}}