Testing of network intrusion detection systems (NIDS) in maritime environment. : a case study of NIDS tools.

Abstract

The rapid surge in digitalisation of the maritime industry which incorporates advanced navigation, automation and sophisticated communication systems into everyday operations. While there is an increase in productivity by these new developments and reduce human error in operations, it has highlighted new cybersecurity risks across the sector. This research tackles the detection of spoofed NMEA messages in a simulated maritime environment. Three open-source NIDS tools, namely Snort, Wazuh and Suricata, are deployed to mitigate the risk. The simulated test lab used standard technology tools such as computer devices and traffic replay tools and spoofed NMEA messages injected via a python script to mimic that of real-world maritime spoofing attack. Wireshark and tcpdump facilitated the authentication of traffic data while all NIDS’s alerts were investigated based on detection accuracy, functional stability and false alerts. The results showed promising results with Suricata surpassing the other NIDS identifying spoof data with a few false alerts. Snort and Wazuh proved stable but need proper configurations and tailored rules to generate alerts. Also, NIDS demonstrated it can add an extra layer of security in maritime cybersecurity but needs a structured rule development and configurations. Keywords: Cybersecurity, NMEA Spoofing, Network Intrusion Detection Systems, Maritime Networks