Design and Implementation of Industrial Firewall for Modbus/TCP

For the fragile security status and the growing threat of attack on industrial control systems, it is paticu1arly important to strengthen the technology of security protection. After a detailed study of the characteristics of industrial control systems, this paper put forward design scheme of industrial firewall based on Modbus/TCP protocol combining qwhite listq security policies with deep packet inspection technology, and realizing on the Linux platform. The experimenta1 results show that the firewall can effectively intercept illegal data stream and ensure the normal operation of the industrial control system.

[1]  Aiko Pras,et al.  Flow whitelisting in SCADA networks , 2013, Int. J. Crit. Infrastructure Prot..

[2]  João Paulo S. Medeiros,et al.  Application Filters for TCP/IP Industrial Automation Protocols , 2009, CRITIS.

[3]  Jung-Chan Na,et al.  Whitelist Generation Technique for Industrial Firewall in SCADA Networks , 2014, FCC.

[4]  Liu Li,et al.  Industrial Control System Security , 2011, 2011 Third International Conference on Intelligent Human-Machine Systems and Cybernetics.

[5]  Raouf Boutaba,et al.  Performance Modeling and Analysis of Network Firewalls , 2012, IEEE Transactions on Network and Service Management.

[6]  A. Kavitha Karun,et al.  Firewall log analysis and dynamic rule re-ordering in firewall policy anomaly management framework , 2013, 2013 International Conference on Green Computing, Communication and Conservation of Energy (ICGCE).

[7]  Simon Parsons,et al.  Arguing About Firewall Policy , 2012, COMMA.

[8]  Eric D. Knapp,et al.  Industrial Network Security: Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems , 2011 .

[9]  Wei Gao,et al.  On Cyber Attacks and Signature Based Intrusion Detection for MODBUS Based Industrial Control Systems , 2014, J. Digit. Forensics Secur. Law.

[10]  Karen A. Scarfone,et al.  Guide to Industrial Control Systems (ICS) Security , 2015 .

[11]  Gerhard P Hancke,et al.  Introduction to Industrial Control Networks , 2013, IEEE Communications Surveys & Tutorials.