Abnormal Traffic Detection Mechanism for Protecting IIoT Environments

In the last few decades, control systems have been upgraded from standard serial bus systems to modern TCP/IP-based systems. The Modbus protocol is one of the most widely used protocols in control systems. However, it provides no inherent security mechanisms, so it is susceptible to attacks that inject false Modbus commands. For that reason, we propose an abnormal traffic detection mechanism that traces Modbus/TCP transactions. The proposed method enables an immediate and fast response not only to Denial-of-Service (DoS) attacks, which can be induced by a repetition of false Modbus commands, but also to various types of accidents, which can occur inadvertently from things such as routing loops, misconfigured devices and human mistakes.
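A sketch of what tracing Modbus/TCP transactions can look like on a monitoring host, added here as an example and not the paper's own algorithm. The alert names, the threshold of 3 identical requests per second, the function and class names, and the sample addresses are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict, deque

MBAP = struct.Struct(">HHHB")  # transaction id, protocol id, length, unit id

def parse_adu(frame):
    """Parse one Modbus/TCP ADU; return None if it is malformed."""
    if len(frame) < MBAP.size + 1:
        return None
    tid, proto, length, unit = MBAP.unpack_from(frame)
    # Protocol id is 0 for Modbus; length counts the unit id plus the PDU.
    if proto != 0 or length != len(frame) - 6:
        return None
    return {"tid": tid, "unit": unit, "func": frame[7], "data": frame[8:]}

class TransactionTracer:
    """Pairs requests with responses and counts repeats (assumed thresholds)."""
    def __init__(self, max_repeats=3, window=1.0):
        self.max_repeats, self.window = max_repeats, window
        self.pending = {}                 # (flow, tid) -> request function code
        self.recent = defaultdict(deque)  # identical request -> timestamps

    def observe(self, ts, flow, is_request, frame):
        adu = parse_adu(frame)
        if adu is None:
            return "malformed"
        key = (flow, adu["tid"])
        if not is_request:
            func = self.pending.pop(key, None)
            if func is None:
                return "unsolicited-response"
            # Exception responses set the high bit of the function code.
            return None if adu["func"] & 0x7F == func else "function-mismatch"
        self.pending[key] = adu["func"]
        seen = self.recent[(flow, adu["unit"], adu["func"], adu["data"])]
        seen.append(ts)
        while seen and ts - seen[0] > self.window:
            seen.popleft()
        return "repeated-command" if len(seen) > self.max_repeats else None

def build_adu(tid, unit, func, data):
    return MBAP.pack(tid, 0, len(data) + 2, unit) + bytes([func]) + data

def demo():
    tracer, flow = TransactionTracer(), ("10.0.0.5", "10.0.0.9")  # constructed flow
    write = bytes.fromhex("0001ff00")  # Write Single Coil: address 1, value ON
    alerts = [tracer.observe(0.1 * i, flow, True, build_adu(i, 1, 5, write))
              for i in range(5)]
    alerts.append(tracer.observe(0.6, flow, False, build_adu(99, 1, 5, write)))
    return alerts
```

The same repeat counter fires whether the duplicates come from injected commands or from a routing loop or misconfigured device, which is why one tracer covers both the attack and the accident cases the abstract lists.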
