Implementation of abnormal behavior detection system based packet analysis for industrial control system security

산업 제어 시스템 보안을 위한 패킷 분석 기반 비정상행위 탐지 시스템 구현

  • Kim, Hyun-Seok (Department of Information and Communication Engineering, Soonchunhyang University) ;
  • Park, Dong-Gue (Department of Information and Communication Engineering, Soonchunhyang University)
  • 김현석 (순천향대학교 정보통신공학과) ;
  • 박동규 (순천향대학교 정보통신공학과)
  • Received : 2018.01.09
  • Accepted : 2018.04.06
  • Published : 2018.04.30


National-scale industrial control systems for gas, electric power, water processing, nuclear power, and traffic control systems increasingly use open networks and open standards protocols based on advanced information and communications technologies. The frequency of cyberattacks increases steadily because of the use of open networks and open standards protocols, but follow-up actions are limited. Therefore, the application of security solutions to an industrial control system is very important. However, it is not possible to apply security solutions to a real system because of the characteristics of industrial control systems. And a security system that can detect attacks without affecting the existing system is imperative. Therefore, in this paper, we propose an intrusion detection system based on packet analysis that can detect anomalous behaviors without affecting the industrial control system, and we verify the effectiveness of the proposed intrusion detection system by applying it in a test bed simulating a real environment.


abnormal behavior detect;cyber attack experiment;industrial control system;intrusion dectection system;ICS security


Supported by : 순천향대학교


  1. Fireeye Inc., "2017 Security Predictions", Technical Report, Dec. 2016.
  2. Hyun-Seok Kim and Dong-Gue Park, "Implementation of the testbed for security of industrial control system", Journal of KIIT, vol. 15, no. 6, pp. 53-60, Jun. 2017. DOI:
  3. NCCIC, "ICS-CERT Monitor", Technical report, Feb. 2015.
  4. Do-Yeon Kim, "Vulnerability analysis for industrial control system cyber security", Journal of JKIECS, vol. 9, no. 1, pp. 137-142, Sep. 2014. DOI:
  5. Hyunguk Yoo, Jeong-Han Yun, and Taeshik Shon, "Whitelist-based anomaly detection for industrial control system security", Journal of KICS, vol. 38, no. 8, pp. 641-653, Oct. 2013. DOI:
  6. Jan Vavra and Martin Hromada, "Comparison of the Intrusion Detection System Rules in Relation with the SCADA Systems", Proc. of 5th Computer Science On-line Conference (CSOC 2016), vol. 465, pp. 159-169, Apr. 2016. DOI:
  7. Qian Chen, Sherif Abdelwahed, and Abdelkarim Erradi, "A model-based approach to self-protection in computing system", Proc. of the 2013 ACM Cloud and Autonomic Computing Conference, no. 16, pp. 1-10, New York, USA, 2013. DOI:
  8. J. J. Downs and E. F. Vogel, "A plant-wide industrial process control problem", Journal of Computers & chemical engineering, vol. 17, no. 3, pp. 245-255, 1993.
  9. Hyung-Su Lee, and Jae-Pyo Park, "Respond System for Low-Level DDoS Attack", Journal of the Korea Academia-Industrial cooperation Society, vol. 17, no. 10, pp. 732-742, 2016. DOI: