Intrusion Detection of Industrial Control System based on Modbus TCP Protocol

被引：31

作者：

Wang Yusheng ^{[1
]}

Fan Kefeng ^{[2
]}

Lai Yingxu ^{[1
]}

Liu Zenghui ^{[3
]}

Zhou Ruikang ^{[2
]}

Yao Xiangzhen ^{[2
]}

Li Lin ^{[2
]}

机构：

[1] Beijing Univ Technol, Coll Comp Sci, Beijing 100124, Peoples R China

[2] China Elect Standardizat Inst, Beijing 100007, Peoples R China

[3] Beijing Polytech, Automat Engn Sch, Beijing 100176, Peoples R China

来源：

2017 IEEE 13TH INTERNATIONAL SYMPOSIUM ON AUTONOMOUS DECENTRALIZED SYSTEMS (ISADS 2017) | 2017年

基金：

北京市自然科学基金;

关键词：

industrial control systems; protocol parsing; semantic analysis; period; deep inspection;

D O I：

10.1109/ISADS.2017.29

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

Modbus over TCP/IP is one of the most popular industrial network protocol that are widely used in critical infrastructures. However, vulnerability of Modbus TCP protocol has attracted widely concern in the public. The traditional intrusion detection methods can identify some intrusion behaviors, but there are still some problems. In this paper, we present an innovative approach, SD-IDS (Stereo Depth IDS), which is designed for perform real-time deep inspection for Modbus TCP traffic. SD-IDS algorithm is composed of two parts: rule extraction and deep inspection. The rule extraction module not only analyzes the characteristics of industrial traffic, but also explores the semantic relationship among the key field in the Modbus TCP protocol. The deep inspection module is based on rule-based anomaly intrusion detection. Furthermore, we use the online test to evaluate the performance of our SD-IDS system. Our approach get a low rate of false positive and false negative.

引用

页码：156 / 162

页数：7

共 50 条

[1] An Intrusion Detection Method Based on Log Sequence Clustering of Honeypot for Modbus TCP Protocol
Wang, Pin-Han
Liao, I-En
Kao, Kuo-Fong
Huang, Jyun-Yao
PROCEEDINGS OF 4TH IEEE INTERNATIONAL CONFERENCE ON APPLIED SYSTEM INNOVATION 2018 ( IEEE ICASI 2018 ), 2018, : 255 - 258
[2] Intrusion detection method based on support vector machine access of Modbus TCP protocol
Deng, Li
Peng, Yisong
Liu, Cancheng
Xin, Xiaoshuai
Xie, YuCen
2016 IEEE INTERNATIONAL CONFERENCE ON INTERNET OF THINGS (ITHINGS) AND IEEE GREEN COMPUTING AND COMMUNICATIONS (GREENCOM) AND IEEE CYBER, PHYSICAL AND SOCIAL COMPUTING (CPSCOM) AND IEEE SMART DATA (SMARTDATA), 2016, : 380 - 383
[3] Modeling Modbus TCP for Intrusion Detection
Faisal, Mustafa
Cardenas, Alvaro A.
Wool, Avishai
2016 IEEE CONFERENCE ON COMMUNICATIONS AND NETWORK SECURITY (CNS), 2016, : 386 - 390
[4] ON CYBER ATTACKS AND SIGNATURE BASED INTRUSION DETECTION FOR MODBUS BASED INDUSTRIAL CONTROL SYSTEMS
Gao, Wei
Morris, Thomas H.
JOURNAL OF DIGITAL FORENSICS SECURITY AND LAW, 2014, 9 (01) : 37 - 55
[5] Adaptive Fuzzy PID Temperature Control System Based on OPC and Modbus/TCP Protocol
Huang, Qingbao
She, Qianzhong
Lin, Xiaofeng
2010 2ND INTERNATIONAL ASIA CONFERENCE ON INFORMATICS IN CONTROL, AUTOMATION AND ROBOTICS (CAR 2010), VOL 2, 2010, : 238 - 241
[6] Research on Cross-Protocol Industrial Control Intrusion Detection System
Fang, Guoqing
Zhang, Yaxian
Yu, Dan
Ma, Yao
Chen, Yongle
Computer Engineering and Applications, 2023, 59 (14) : 251 - 259
[7] Native Support for Modbus RTU Protocol in Snort Intrusion Detection System
Tylman, Wojciech
NEW RESULTS IN DEPENDABILITY AND COMPUTER SYSTEMS, 2013, 224 : 479 - 487
[8] Accurate modeling of Modbus/TCP for intrusion detection in SCADA systems
Goldenberg, Niv
Wool, Avishai
INTERNATIONAL JOURNAL OF CRITICAL INFRASTRUCTURE PROTECTION, 2013, 6 (02) : 63 - 75
[9] Intrusion detection algorithm based on OCSVM in industrial control system
Shang, Wenli
Zeng, Peng
Wan, Ming
Li, Lin
An, Panfeng
SECURITY AND COMMUNICATION NETWORKS, 2016, 9 (10) : 1040 - 1049
[10] Intrusion Detection System Based On The Integrity of TCP Packet
Alhamaty, Moad
Yazdian, Ali
Al-qadasi, Fathi
PROCEEDINGS OF WORLD ACADEMY OF SCIENCE, ENGINEERING AND TECHNOLOGY, VOL 11, 2006, 11 : 234 - +

← 1 2 3 4 5 →