Abstract

TASCON, Stephen Quiroz; JIMENEZ, Julián Zapata  and  MONTOYA, Héctor Fernando Vargas. Predicting Cyber-Attacks in Industrial SCADA Systems Through The Kalman Filter Implementation. TecnoL. [online]. 2020, vol.23, n.48, pp.243-261. ISSN 0123-7799.  https://doi.org/10.22430/22565337.1586.

In industrial SCADA (Supervisory Control and Data Acquisition) systems, knowing the status of each device allows information to be collected on its behavior. In this way, actions can be deduced, and different strategies can be formed to help reduce cyber risk. In this article of applied research, a model of prediction of possible cyber-attacks in a SCADA system is presented. This prediction is made with a Kalman filter. A Kalman filter processes cyber security events captured through an intrusion detection system (applied in a SCADA simulation system) and generates a future projection of the probability of an attack being carried out. With this information, system administrators will be able to make some decisions about how to act against imminent cyber-attacks. An installation of different technological components was carried out and 3 cyberattacks to the SCADA were executed: (i) possible scans, (ii) theft of information and (iii) command and data overwriting generating Denial of Service or DoS. The security events were detected by an intrusion detection system and sent to a software, setup with Kalman filter features to deliver as output the possible predictions of attacks. As a result, the probability of a successful computer attack can be seen from the entries based on the historical events and the applied filter formulas.

Keywords : Cyber-attack; cyber-security; intrusion detection system; kalman filter; Supervisory Control and Data Acquisition.

        · abstract in Spanish     · text in Spanish     · Spanish ( pdf )