{"title":"Enhancing Modbus/TCP-Based Industrial Automation and Control Systems Cybersecurity Using a Misuse-Based Intrusion Detection System","authors":"F. Katulić, D. Sumina, I. Erceg, S. Groš","doi":"10.1109/speedam53979.2022.9842239","DOIUrl":null,"url":null,"abstract":"Modbus over TCP (Modbus/TCP) is a very popular protocol in industrial automation and control systems (IACS), but at the same time it is completely unprotected in terms of cybersecurity. This allows adversaries to manipulate controlled processes by forging or modifying process values in the Modbus protocol data unit (PDU), potentially causing damage to IACSs. In this paper, we propose the use of a misuse-based intrusion detection system (IDS) to detect out-of-bound process values and in that way make it difficult for an adversary to manipulate process values. To test the feasibility of this approach, a cyber-physical system was created, simulating an IACS water treatment plant. The implemented rule-based alarms and warnings were based on the industrial process and an adversary threat model, focusing on the process values of the IACS. 
This approach shows a promise as an additional safety mechanism to standard IACS cybersecurity solutions.","PeriodicalId":365235,"journal":{"name":"2022 International Symposium on Power Electronics, Electrical Drives, Automation and Motion (SPEEDAM)","volume":"98 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 International Symposium on Power Electronics, Electrical Drives, Automation and Motion (SPEEDAM)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/speedam53979.2022.9842239","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 3
Abstract
Modbus over TCP (Modbus/TCP) is a very popular protocol in industrial automation and control systems (IACS), but at the same time it is completely unprotected in terms of cybersecurity. This allows adversaries to manipulate controlled processes by forging or modifying process values in the Modbus protocol data unit (PDU), potentially causing damage to IACSs. In this paper, we propose the use of a misuse-based intrusion detection system (IDS) to detect out-of-bound process values and in that way make it difficult for an adversary to manipulate process values. To test the feasibility of this approach, a cyber-physical system was created, simulating an IACS water treatment plant. The implemented rule-based alarms and warnings were based on the industrial process and an adversary threat model, focusing on the process values of the IACS. This approach shows promise as an additional safety mechanism to standard IACS cybersecurity solutions.