Abstract
Modbus/TCP is one of the most widely used industrial protocols, but it is unsecured: it implements neither encryption of communication nor authentication of clients. This paper therefore focuses on techniques for incident detection in Modbus/TCP communication, although the proposed solution can also be implemented for other protocols. For this purpose, a Modbus Security Module was created. This module can sniff specific network traffic, parse particular information from the communication packets, and store this data in a database. The databases use PostgreSQL and are placed on each master and slave station. The data stored in each database is used for incident detection. This method represents a new way of detecting incidents and cyber-attacks in the network. Using a neural network (with an accuracy of 99.52%), machine learning (with an accuracy of 100%), and database comparison, it is possible to detect all attacks targeting the slave station and to detect simulated attacks originating from a master or non-master station. For additional database security of each station, an SSH connection between the databases is used. For the evaluation of the proposed method, the IEEE dataset was used. This paper also presents a comparison of machine learning classifiers, where each classifier has adjusted parameters. A mutual comparison of machine learning classifiers (with or without a memory parameter) was done.
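The parse-and-compare idea from the abstract, as an added example that is not the authors' Modbus Security Module: it parses the Modbus/TCP MBAP header and reports requests a slave recorded that the master never recorded sending. The in-memory lists standing in for the PostgreSQL databases, the row fields, the IP addresses and the frames are all constructed assumptions.

```python
import struct

MASTER_IP = "10.0.0.1"  # assumed address of the legitimate master station

def build_request(tid, unit, func, data):
    """Build a Modbus/TCP request: MBAP header (7 bytes) + function code + data."""
    return struct.pack(">HHHBB", tid, 0, len(data) + 2, unit, func) + data

def parse_modbus_tcp(payload):
    """Parse one Modbus/TCP frame from a TCP payload; None if malformed."""
    if len(payload) < 8:
        return None
    tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    # Protocol ID is always 0 for Modbus; length counts unit ID + PDU bytes.
    if proto != 0 or length != len(payload) - 6:
        return None
    return {"tid": tid, "unit": unit, "func": payload[7], "data": payload[8:].hex()}

def record(src_ip, payload):
    """Row as a station would store it (hypothetical schema)."""
    row = parse_modbus_tcp(payload)
    if row is not None:
        row["src"] = src_ip
    return row

def find_unlogged(master_rows, slave_rows):
    """Requests the slave received that the master never recorded sending."""
    key = lambda r: (r["tid"], r["unit"], r["func"], r["data"])
    sent = {key(r) for r in master_rows}
    return [r for r in slave_rows if key(r) not in sent]

# Constructed sample traffic: one read the master really sent, plus two writes
# that only the slave saw (one of them carrying the master's source address).
F_READ = build_request(1, 1, 0x03, bytes.fromhex("00000002"))
F_COIL = build_request(2, 1, 0x05, bytes.fromhex("000aff00"))
F_REG = build_request(3, 1, 0x06, bytes.fromhex("00010539"))

MASTER_DB = [record(MASTER_IP, F_READ)]
SLAVE_DB = [record(MASTER_IP, F_READ), record("10.0.0.66", F_COIL), record(MASTER_IP, F_REG)]

if __name__ == "__main__":
    for row in find_unlogged(MASTER_DB, SLAVE_DB):
        print("unlogged request:", row)
```

The third constructed row shows why comparing both stations' records adds something over a source-address allowlist: the request carries the master's address, yet the master has no record of sending it.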
Notes
1. Pymodbus available on: https://pypi.org/project/pymodbus/.
2. PostgreSQL available on: https://www.postgresql.org.
3. Tcprewrite available on: https://tcpreplay.appneta.com/wiki/tcprewrite-man.html.
4. Scikit-learn available on: https://scikit-learn.org/.
5. Grafana available on: https://grafana.com/.
Acknowledgements
The described research is part of the grant project registered under no. VI20192022132 and funded by the Ministry of Interior of the Czech Republic.
Copyright information
© 2022 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Kuchar, K., Holasova, E., Fujdiak, R., Blazek, P., Misurec, J. (2022). Incident Detection System for Industrial Networks. In: Jiang, R., et al. Big Data Privacy and Security in Smart Cities. Advanced Sciences and Technologies for Security Applications. Springer, Cham. https://doi.org/10.1007/978-3-031-04424-3_5
DOI: https://doi.org/10.1007/978-3-031-04424-3_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-04423-6
Online ISBN: 978-3-031-04424-3
eBook Packages: Physics and Astronomy, Physics and Astronomy (R0)