
Incident Detection System for Industrial Networks

Big Data Privacy and Security in Smart Cities

Abstract

Modbus/TCP is one of the most widely used industrial protocols, but it is unsecured: it implements neither encryption of communication nor authentication of clients. This paper therefore focuses on techniques for incident detection in Modbus/TCP communication, although the proposed solution can also be implemented for other protocols. For this purpose, a Modbus Security Module was created. This module can sniff specific network traffic, parse particular information from the communication packets, and store this data in a database. The databases use PostgreSQL and are placed on each master and slave station. The data stored in each database is used for incident detection. This method represents a new way of detecting incidents and cyber-attacks in the network. Using a neural network (with an accuracy of 99.52%), machine learning (with an accuracy of 100%), and database comparison, it is possible to detect all attacks targeting the slave station and to detect simulated attacks originating from a master or non-master station. For additional database security on each station, an SSH connection between the databases is used. The IEEE dataset was used to evaluate the proposed method. This paper also presents a comparison of machine learning classifiers, where each classifier has adjusted parameters. A mutual comparison of machine learning classifiers (with or without the memory parameter) was also carried out.
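The parse-and-compare idea from the abstract, as an added example that is not the chapter's code: each station parses the Modbus/TCP MBAP header and function code from captured frames, and requests recorded at the slave with no matching record at the master are flagged. The field selection, the in-memory lists standing in for the PostgreSQL tables, and all function names are assumptions.

```python
import struct
from collections import Counter

def parse_modbus_tcp(adu: bytes):
    """Parse the MBAP header and function code; return None if malformed."""
    if len(adu) < 8:                      # 7-byte MBAP header + function code
        return None
    tid, pid, length, unit = struct.unpack(">HHHB", adu[:7])
    # Protocol id is 0 for Modbus; length counts the unit id plus the PDU.
    if pid != 0 or length != len(adu) - 6:
        return None
    return {"tid": tid, "unit": unit, "func": adu[7], "data": adu[8:].hex()}

def record_key(rec):
    # Assumed comparison fields; the chapter's actual schema is not on this page.
    return (rec["tid"], rec["unit"], rec["func"], rec["data"])

def compare_logs(master_frames, slave_frames):
    """Flag requests seen at the slave that the master never recorded sending."""
    parsed = (parse_modbus_tcp(f) for f in master_frames)
    sent = Counter(record_key(r) for r in parsed if r)
    alerts = []
    for frame in slave_frames:
        rec = parse_modbus_tcp(frame)
        if rec is None:
            alerts.append(("malformed", frame.hex()))
        elif sent[record_key(rec)] > 0:
            sent[record_key(rec)] -= 1    # consume one matching master record
        else:
            alerts.append(("unmatched_at_slave", rec))
    return alerts

def build_adu(tid, unit, func, data=b""):
    """Build a constructed sample frame for the demonstration below."""
    return struct.pack(">HHHBB", tid, 0, len(data) + 2, unit, func) + data

# Constructed sample data: two requests logged at the master; the slave's
# log additionally holds a Write Single Coil (0x05) the master never sent.
MASTER_LOG = [
    build_adu(1, 1, 0x03, bytes.fromhex("00000002")),  # read 2 holding registers
    build_adu(2, 1, 0x06, bytes.fromhex("0001000a")),  # write single register
]
SLAVE_LOG = MASTER_LOG + [build_adu(7, 1, 0x05, bytes.fromhex("0000ff00"))]

if __name__ == "__main__":
    for kind, detail in compare_logs(MASTER_LOG, SLAVE_LOG):
        print(kind, detail)
```

Matching is a multiset comparison, so a frame that appears at the slave more often than the master recorded it is also reported.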


Notes

  1. Pymodbus available on: https://pypi.org/project/pymodbus/.

  2. PostgreSQL available on: https://www.postgresql.org.

  3. Tcprewrite available on: https://tcpreplay.appneta.com/wiki/tcprewrite-man.html.

  4. Scikit-learn available on: https://scikit-learn.org/.

  5. Grafana available on: https://grafana.com/.


Acknowledgements

The described research is part of the grant project registered under no. VI20192022132 and funded by the Ministry of Interior of the Czech Republic.

Corresponding author

Correspondence to Radek Fujdiak.

Copyright information

© 2022 Springer Nature Switzerland AG

About this chapter

Cite this chapter

Kuchar, K., Holasova, E., Fujdiak, R., Blazek, P., Misurec, J. (2022). Incident Detection System for Industrial Networks. In: Jiang, R., et al. Big Data Privacy and Security in Smart Cities. Advanced Sciences and Technologies for Security Applications. Springer, Cham. https://doi.org/10.1007/978-3-031-04424-3_5
