计算机工程与应用 ›› 2017, Vol. 53 ›› Issue (24): 122-128.DOI: 10.3778/j.issn.1002-8331.1606-0409

• 网络、通信与安全 • 上一篇    下一篇

基于MODBUS的SCADA系统网络威胁与入侵检测

吕雪峰1,2,蒋烈辉1,2,孟  奂2   

  1. 1.信息工程大学,郑州 450001
    2.数学工程与先进计算国家重点实验室,郑州 450001
  • 出版日期:2017-12-15 发布日期:2018-01-09

Cyber threats and intrusion detection for MODBUS-based SCADA system

LV Xuefeng1,2, JIANG Liehui1,2, MENG Huan2   

  1. 1.Information Engineering University, Zhengzhou 450001, China
    2.State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001, China
  • Online:2017-12-15 Published:2018-01-09

摘要: 数据采集与监视控制(SCADA)系统是国家基础设施的重要组成部分,然而近年来SCADA系统一直遭受网络攻击的威胁。在分析SCADA通信协议脆弱性的基础上,描述了23种基于MODBUS的SCADA系统可能面临的网络威胁,这些威胁可分为四大类:信息扫描、响应注入、命令注入以及拒绝服务。利用SCADA系统与物理系统交互的特性,设计了基于协议缺陷和基于系统状态的检测规则。在实验室天然气管道系统的环境下,进行了基于Snort的入侵检测实验,结果验证了入侵检测规则的有效性。

关键词: 数据采集与监视控制系统, MODBUS, 网络威胁, 入侵检测, Snort

Abstract: Supervisory Control And Data Acquisition (SCADA) system is a key part of national infrastructure, however it is suffering from various cyber attacks these years. Firstly the vulnerability of SCADA communication protocol is analyzed, then 23 cyber threats that a MODBUS-based SCADA system might suffer from are described. These cyber threats can be classified into four categories:Information scanning, response injection, command injection and denial of service. Taking advantage that SCADA system interacts with physical system, detection rules based on protocol vulnerability and system state are proposed. Snort-based intrusion detection experiment is conducted on a gas transmission pipeline system in laboratory, the experiment results validate the detection rules.

Key words: Supervisory Control And Data Acquisition(SCADA) system, MODBUS, cyber threat, intrusion detection, Snort