Real-Time Intrusion Detection Method Based on Bidirectional Access of Modbus/TCP Protocol
Author: | Cancheng Liu, Xiaoshuai Xin, Bin Wang |
---|---|
Year of publication: | 2017 |
Subject: | 021110 strategic, defence & security studies; TCP acceleration; Transmission Control Protocol; Computer science; business.industry; Network packet; 020209 energy; ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS; 0211 other engineering and technologies; 02 engineering and technology; Industrial control system; Intrusion detection system; 0202 electrical engineering, electronic engineering, information engineering; Zeta-TCP; Anomaly detection; business; Modbus; Computer network |
Source: | ICCSP |
DOI: | 10.1145/3058060.3058069 |
Description: | The Modbus/TCP protocol is commonly used in the industrial control systems for communications between the human-machine interface and the industrial controllers. This paper proposes a real-time intrusion detection method based on bidirectional access of the Modbus/TCP protocol. The method doesn't require key observation that Modbus/TCP traffic to and from master device or slave device is periodic. Anomaly detection can be realized in time by the method after checking only two packets. And even though invader modifies the legal function code to another legal one in the packet from master device to slave device, the method can also figure it out. The test results show that the presented method has traits of timeliness, low false positive rate and low false negative rate. |
Database: | OpenAIRE |