Practical Modbus flooding attack and detection


Author(s): Bhatia, Sajal; Kush, Nishchal; Djamaludin, Chris; Akande, Ayodeji; Foo, Ernest
Contributor(s)

Parampalli, Udaya

Welch, Ian

Date(s)

01/01/2014

Abstract

The Modicon Communication Bus (Modbus) protocol is one of the most commonly used protocols in industrial control systems. Modbus was not designed to provide security. This paper confirms that the Modbus protocol is vulnerable to flooding attacks. These attacks involve injection of commands that result in disrupting the normal operation of the control system. This paper describes a set of experiments that shows that an anomaly-based change detection algorithm and signature-based Snort threshold module are capable of detecting Modbus flooding attacks. In comparing these intrusion detection techniques, we find that the signature-based detection requires a carefully selected threshold value, and that the anomaly-based change detection algorithm may have a short delay before detecting the attacks depending on the parameters used. In addition, we also generate a network traffic dataset of flooding attacks on the Modbus control system protocol.

Format

application/pdf

Identifier

http://eprints.qut.edu.au/66228/

Publisher

Australian Computer Society, Inc.

Relation

http://eprints.qut.edu.au/66228/1/aisc-2013.pdf

http://crpit.com/Vol149.html

Bhatia, Sajal, Kush, Nishchal, Djamaludin, Chris, Akande, Ayodeji, & Foo, Ernest (2014) Practical Modbus flooding attack and detection. In Parampalli, Udaya & Welch, Ian (Eds.) Proceedings of the Twelfth Australasian Information Security Conference (AISC 2014) [Conferences in Research and Practice in Information Technology, Volume 149], Australian Computer Society, Inc., Auckland University of Technology, Auckland, pp. 57-65.

Rights

Copyright 2014 Australian Computer Society, Inc.

This paper appeared at the Australasian Information Security Conference (ACSW-AISC 2014), Auckland, New Zealand, January 2014. Conferences in Research and Practice in Information Technology (CRPIT), Vol. 149, Udaya Parampalli and Ian Welch, Ed. Reproduction for academic, not-for-profit purposes permitted provided this text is included.

Source

School of Electrical Engineering & Computer Science; Institute for Future Environments; Science & Engineering Faculty

Keywords

#089999 Information and Computing Sciences not elsewhere classified #Modbus #Denial-of-Service (DoS) #Change Detection #Intrusion Detection

Type

Conference Paper