Abstract
SCADA systems have been upgraded from standard serial bus systems to modern TCP/IP-based systems. The Modbus protocol is one of the most widely used protocols in SCADA networks. However, it provides no inherent security mechanisms. The Modbus protocol is therefore susceptible to attacks that inject false Modbus commands by fabrication or modification. In this paper, we propose an abnormal behavior detection method that uses normal traffic pattern learning on Modbus/TCP transactions. Our approach is based on the characteristic that SCADA networks are likely to have a regular traffic pattern. Above all, the proposed method analyzes only Modbus/TCP request messages. It therefore has the benefit of detecting abnormal behavior even with simple traffic pattern learning.
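The idea in the abstract, learning what normal Modbus/TCP requests look like and flagging anything else, is illustrated by the added example below; it is not the paper's algorithm or code. The learned feature set (source address, unit id, function code, starting address, quantity), the class and function names, and the sample addresses and frames are assumptions constructed for illustration.

```python
import struct

ADDRESSED = {1, 2, 3, 4, 5, 6, 15, 16}   # function codes whose PDU starts with a 16-bit address
COUNTED = {1, 2, 3, 4, 15, 16}           # of those, the ones that also carry a quantity

def build_request(tid, unit, fc, addr, value):
    """Build a constructed Modbus/TCP request ADU (MBAP header + 5-byte PDU)."""
    pdu = struct.pack(">BHH", fc, addr, value)
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

def parse_request(adu):
    """Return (unit_id, function_code, address, quantity) for one request ADU."""
    if len(adu) < 8:
        raise ValueError("shorter than MBAP header plus function code")
    _tid, proto, length, unit = struct.unpack(">HHHB", adu[:7])
    if proto != 0 or length != len(adu) - 6:
        raise ValueError("bad protocol id or length field")
    fc = adu[7]
    addr = struct.unpack(">H", adu[8:10])[0] if fc in ADDRESSED and len(adu) >= 10 else None
    qty = struct.unpack(">H", adu[10:12])[0] if fc in COUNTED and len(adu) >= 12 else None
    return unit, fc, addr, qty

class RequestProfile:
    """Whitelist of request shapes seen during a learning window (assumed feature set)."""
    def __init__(self):
        self.known = set()

    def learn(self, src, adu):
        # Transaction id is excluded: it changes on every request.
        self.known.add((src,) + parse_request(adu))

    def check(self, src, adu):
        """Return None for a learned request, otherwise a reason string."""
        try:
            key = (src,) + parse_request(adu)
        except ValueError as exc:
            return f"malformed request: {exc}"
        return None if key in self.known else f"unseen request {key}"

if __name__ == "__main__":
    profile = RequestProfile()
    for tid in range(1, 4):                      # constructed polling traffic from one HMI
        profile.learn("10.0.0.5", build_request(tid, 1, 3, 0, 10))
        profile.learn("10.0.0.5", build_request(tid, 1, 1, 0, 8))
    observed = [("10.0.0.5", build_request(40, 1, 3, 0, 10)),      # normal poll
                ("10.0.0.5", build_request(41, 1, 5, 3, 0xFF00)),  # write never seen in learning
                ("10.0.0.9", build_request(42, 1, 3, 0, 10))]      # new master address
    for src, adu in observed:
        print(src, adu.hex(), profile.check(src, adu) or "ok")
```

Because only requests are inspected, a profile like this cannot see abnormal responses; it relies on the polling pattern being regular enough that the learning window covers every legitimate request shape.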
© 2015 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kim, BK., Kang, DH., Na, JC., Chung, TM. (2015). Detecting Abnormal Behavior in SCADA Networks Using Normal Traffic Pattern Learning. In: Park, J., Stojmenovic, I., Jeong, H., Yi, G. (eds) Computer Science and its Applications. Lecture Notes in Electrical Engineering, vol 330. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-45402-2_18
DOI: https://doi.org/10.1007/978-3-662-45402-2_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-45401-5
Online ISBN: 978-3-662-45402-2
eBook Packages: Engineering, Engineering (R0)