Cyber threats and intrusion detection for MODBUS-based SCADA system

doi:10.3778/j.issn.1002-8331.1606-0409

Computer Engineering and Applications ›› 2017, Vol. 53 ›› Issue (24): 122-128.DOI: 10.3778/j.issn.1002-8331.1606-0409

Previous Articles Next Articles

Cyber threats and intrusion detection for MODBUS-based SCADA system

LV Xuefeng1，2, JIANG Liehui1，2, MENG Huan2

1.Information Engineering University, Zhengzhou 450001, China
2.State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001, China

Online:2017-12-15 Published:2018-01-09

基于MODBUS的SCADA系统网络威胁与入侵检测

吕雪峰1，2，蒋烈辉1，2，孟奂2

1.信息工程大学，郑州 450001
2.数学工程与先进计算国家重点实验室，郑州 450001

Abstract

Abstract: Supervisory Control And Data Acquisition （SCADA） system is a key part of national infrastructure, however it is suffering from various cyber attacks these years. Firstly the vulnerability of SCADA communication protocol is analyzed, then 23 cyber threats that a MODBUS-based SCADA system might suffer from are described. These cyber threats can be classified into four categories：Information scanning, response injection, command injection and denial of service. Taking advantage that SCADA system interacts with physical system, detection rules based on protocol vulnerability and system state are proposed. Snort-based intrusion detection experiment is conducted on a gas transmission pipeline system in laboratory, the experiment results validate the detection rules.

Key words: Supervisory Control And Data Acquisition（SCADA） system, MODBUS, cyber threat, intrusion detection, Snort

摘要： 数据采集与监视控制（SCADA）系统是国家基础设施的重要组成部分，然而近年来SCADA系统一直遭受网络攻击的威胁。在分析SCADA通信协议脆弱性的基础上，描述了23种基于MODBUS的SCADA系统可能面临的网络威胁，这些威胁可分为四大类：信息扫描、响应注入、命令注入以及拒绝服务。利用SCADA系统与物理系统交互的特性，设计了基于协议缺陷和基于系统状态的检测规则。在实验室天然气管道系统的环境下，进行了基于Snort的入侵检测实验，结果验证了入侵检测规则的有效性。

关键词: 数据采集与监视控制系统, MODBUS, 网络威胁, 入侵检测, Snort

LV Xuefeng1，2, JIANG Liehui1，2, MENG Huan2. Cyber threats and intrusion detection for MODBUS-based SCADA system[J]. Computer Engineering and Applications, 2017, 53(24): 122-128.

吕雪峰1，2，蒋烈辉1，2，孟奂2. 基于MODBUS的SCADA系统网络威胁与入侵检测[J]. 计算机工程与应用, 2017, 53(24): 122-128.

[1]	WANG Zhendong, ZHANG Lin, LI Dahai. Survey of Intrusion Detection Systems for Internet of Things Based on Machine Learning [J]. Computer Engineering and Applications, 2021, 57(4): 18-27.
[2]	CAO Lei, LI Zhanbin, YANG Yongsheng, ZHAO Longfei. Intrusion Detection Method Based on Two-Layer Attention Networks [J]. Computer Engineering and Applications, 2021, 57(19): 142-149.
[3]	SHEN Shaoyu, CAI Manchun, LU Tianliang, ZHAO Qi. Intrusion Detection Algorithm based on LFKPCA-DWELM [J]. Computer Engineering and Applications, 2021, 57(17): 130-137.
[4]	GONG Junhui, HU Xiaohui, DU Yongwen. Research on Selection of Optimal Defense Strategy Based on Evolutionary Game [J]. Computer Engineering and Applications, 2021, 57(13): 116-123.
[5]	ZHU Zhishen，LING Jie，LIN Peng. Data Integrity Checking Technology of Industrial Control System Based on Covert Channel [J]. Computer Engineering and Applications, 2020, 56(9): 125-130.
[6]	LI Jiayue, ZHAO Bo, LI Xiang, LIU Hui, LIU Yifan, ZOU Jianwen. Network Traffic Anomaly Prediction Method Based on Deep Learning [J]. Computer Engineering and Applications, 2020, 56(6): 39-50.
[7]	CHEN Hong, WANG Runting, XIAO Chenglong, GUO Pengfei, HUANG Jie, CHEN Honglin. Research on Intrusion Detection Model Based on DBN-XGBDT [J]. Computer Engineering and Applications, 2020, 56(22): 83-91.
[8]	DI Chong, LI Tong. Network Unknown Attack Detection with Deep Learning [J]. Computer Engineering and Applications, 2020, 56(22): 109-116.
[9]	WANG Pan, SONG Xuehua, WANG Changda, CHEN Feng, XU Xiaqiang, CAI Guanyu. Intrusion Detection Method Based on Improved Deep Belief Network [J]. Computer Engineering and Applications, 2020, 56(20): 87-92.
[10]	CHEN Hong, ZHAO Jianzhi, XIAO Chenglong, CHEN Jianhu, XIAO Yue. Research on Improved Intrusion Detection Model of ADASYN-SDA [J]. Computer Engineering and Applications, 2020, 56(2): 97-105.
[11]	YANG Yanrong, SONG Rongjie, ZHOU Zhaoyong. Network Intrusion Detection Method Based on GAN-PSO-ELM [J]. Computer Engineering and Applications, 2020, 56(12): 66-72.
[12]	WU Depeng, LIU Yi. Intrusion Detection Model Based on Self-Organizing Map of Variable Network Structure [J]. Computer Engineering and Applications, 2020, 56(12): 81-86.
[13]	LIU Yuefeng1, WANG Cheng1, ZHANG Yabin1, YUAN Jianghao2. Multiscale Convolutional CNN Model for Network Intrusion Detection [J]. Computer Engineering and Applications, 2019, 55(3): 90-95.
[14]	JIANG Xinlan, JIA Wenbo. Machine Vision Detection Method for Foreign Object Intrusion in High-Speed Rail Contact Net [J]. Computer Engineering and Applications, 2019, 55(22): 250-257.
[15]	MA Zhanfei1, YANG Jin2, JIN Yi2, BIAN Qi3. Network Intrusion Detection Method Based on IQPSO-IDE Algorithm [J]. Computer Engineering and Applications, 2019, 55(10): 115-120.

Cyber threats and intrusion detection for MODBUS-based SCADA system

基于MODBUS的SCADA系统网络威胁与入侵检测

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics