A Virtualized Approach to Intrusion Detection in SCADA Systems with an Implementation of ICS Lab Setup
摘要
Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) access to corporate IT networks and the Internet provides critical infrastructure security risks which continue to increase. Past designs limited these systems within separate operating niches that sought protection. The current danger landscape featuring sophisticated cyber-attacks revealed substantial security vulnerabilities in these systems which create disruptions to critical infrastructure services. The proposed framework capitalizes on the combination of historian systems and Intrusion Detection Systems (IDS) for conducting real-time threat identification and forensic investigations in ICS networks. This framework combines a historian system that logs and aggregates data along with an IDS that detects anomalies and attacks passing through ICS traffic. By adopting virtualization technologies, a secure, scalable, and isolated environment is created, allowing the safe deployment and testing of security measures without risking the integrity of live systems. The proposed solution is evaluated through a virtualized ICS setup, where simulated attacks are carried out to test the system’s response. The integration of these technologies improves the ability to detect and mitigate cyber threats early, provides detailed incident logs for forensic analysis, and enables rapid response mechanisms. The findings from this study suggest that adopting such an integrated approach can significantly enhance the cybersecurity posture of ICS networks. The paper concludes by exploring future enhancements, including the integration of AI and Machine Learning for more advanced anomaly detection and the application of blockchain for ensuring data integrity in historian systems.