Securing the operations in SCADA-IoT platform based industrial control system using ensemble of deep belief networks

tInternet of Things (IoTs) platform is increasingly being used in modern industries. Billions of deviceswith smart sensing capabilities, PLCs, actuators, intelligent electronic devices (IEDs) of industrial controlsystems (ICS) and supervisory control and data acquisition (SCADA) network are connected over IoT plat-form. IoT platform has facilitated modern industries an efficient monitoring and controlling of physicalsystems (various hardware and machineries) resulting in an intelligent data acquisition, processing andhighly productive and profitable management of business. Initially, these devices have been deployedwithout any security concern considering these will run in isolated networks. With the new IoT platformscenario, SCADA based ICS networks are integrated with the corporate networks over the internet. There-fore, the devices of a SCADA network are facing significant threat of malicious attacks either through thevulnerabilities of the corporate network or the devices used in the SCADA. Traditional IT security soft-ware products are not enough for ICS as these software products consider only operating system related calls and application program interface (API) behaviour of applications, which are only focused on corporate business solutions and related technologies. In this paper, we propose a secure architecture forICS network that proposes a detection model based on SCADA network traffic. The proposed architecturedevelops two ensembles based detection algorithms using deep belief network (DBN) and standard clas-sifier, including support vector machines (SVM). The novelty of the proposed architecture is that it uses network traffic feature and payload feature for detection model instead of conventional signature based or API based malware detection technique. In addition, ensemble-DBN of the proposed architecture canovercome many limitations of standard techniques, including the complexity and big size of the training data.The proposed architecture for ICS has been verified using a real SCADA network data. Experimental results show that our ensemble based detection system outperforms over existing attack detection engines.