Analysis of Malicious Traffic in Modbus/TCP Communications

  • Tiago H. Kobayashi
  • Aguinaldo B. Batista Jr.
  • João Paulo S. Medeiros
  • José Macedo F. Filho
  • Agostinho M. Brito Jr.
  • Paulo S. Motta Pires
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5508)

Abstract

This paper presents the results of our analysis of the influence of Information Technology (IT) malicious traffic on an IP-based automation environment. We used a traffic generator, called MACE (Malicious trAffic Composition Environment), to inject malicious traffic into a Modbus/TCP communication system, and a sniffer to capture and analyze the network traffic. The tests performed show that malicious traffic represents a serious risk to critical information infrastructures. We show that this kind of traffic can increase the latency of Modbus/TCP communication and that, in some cases, it can put Modbus/TCP devices out of communication.
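An added illustration, not taken from the paper and unrelated to the MACE tool: a Python script that parses the Modbus/TCP MBAP header of a constructed request/response trace, pairs each request with its response by transaction identifier and unit identifier, and reports round-trip latency, requests above a latency threshold, and requests that never receive a reply, which is how the latency increase and the loss of communication described above would appear in a capture. The trace timestamps, the 100 ms threshold and the register values are constructed for the example.

```python
import struct

# Constructed sample trace: (timestamp in seconds, direction, raw Modbus/TCP frame).
# Each frame = MBAP header (transaction id, protocol id, length, unit id) + PDU.
def mbap(tid, unit, pdu):
    # The length field counts the unit id plus the PDU; protocol id is 0 for Modbus.
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

READ_HR = bytes([0x03, 0x00, 0x00, 0x00, 0x02])             # read 2 holding regs at 0
READ_HR_RESP = bytes([0x03, 0x04, 0x00, 0x0A, 0x00, 0x0B])  # 4 data bytes returned

TRACE = [
    (0.000, "req", mbap(1, 1, READ_HR)),
    (0.004, "rsp", mbap(1, 1, READ_HR_RESP)),  # baseline: 4 ms round trip
    (1.000, "req", mbap(2, 1, READ_HR)),
    (1.350, "rsp", mbap(2, 1, READ_HR_RESP)),  # degraded: 350 ms round trip
    (2.000, "req", mbap(3, 1, READ_HR)),       # never answered (device unreachable)
]

def parse_mbap(frame):
    """Split a Modbus/TCP frame into MBAP fields and PDU; reject malformed frames."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0 or length != len(frame) - 6:
        raise ValueError("bad protocol id or length field")
    return {"tid": tid, "unit": unit, "func": frame[7], "pdu": frame[7:]}

def measure(trace, max_latency=0.1):
    """Return (latency per transaction id, slow transaction ids, unanswered ids)."""
    pending, latency = {}, {}
    for ts, direction, frame in trace:
        hdr = parse_mbap(frame)
        key = (hdr["tid"], hdr["unit"])
        if direction == "req":
            pending[key] = ts
        elif key in pending:  # exception responses (func >= 0x80) also close the pair
            latency[hdr["tid"]] = ts - pending.pop(key)
    slow = sorted(t for t, d in latency.items() if d > max_latency)
    unanswered = sorted(t for t, _ in pending)
    return latency, slow, unanswered
```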

Keywords

Critical Information Infrastructure Protection; Malicious Traffic Analysis; Threats and Attacks to AT Infrastructures; Automation Technology Security

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Tiago H. Kobayashi (1)
  • Aguinaldo B. Batista Jr. (1)
  • João Paulo S. Medeiros (1)
  • José Macedo F. Filho (1)
  • Agostinho M. Brito Jr. (1)
  • Paulo S. Motta Pires (1)
  1. LabSIN - Security Information Laboratory, Department of Computer Engineering and Automation - DCA, Federal University of Rio Grande do Norte - UFRN, Natal, Brazil