Modbus/TCP Communication Anomaly Detection Based on PSO-SVM


Abstract:

Industrial firewalls and intrusion detection systems based on Modbus TCP protocol analysis and whitelist policies cannot effectively identify attacks on a Modbus controller that take advantage of exactly the configured rules. An industrial control system simulation environment is established, and a preprocessing method for captured Modbus TCP traffic is designed to meet the needs of the anomaly detection module. Furthermore, a Modbus function code sequence anomaly detection model based on an SVM optimized by the PSO method is designed. The model can effectively identify abnormal Modbus TCP traffic according to the frequency of different short mode sequences in a Modbus code sequence.
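The following sketch is an added example, not code from the paper: it shows one way to turn captured Modbus TCP frames into short-sequence frequency features of the kind the abstract describes. The window length `n=2`, the function-code alphabet, the extra "other" slot, all function names and the sample traffic are assumptions, since the paper's own preprocessing and parameters are not given on this page.

```python
import struct
from collections import Counter
from itertools import product

MBAP = struct.Struct(">HHHB")  # transaction id, protocol id, length, unit id

def build_adu(tid, fc, data=b"", unit=1):
    """Construct a sample Modbus/TCP ADU (used only for the constructed input)."""
    return MBAP.pack(tid, 0, 2 + len(data), unit) + bytes([fc]) + data

def function_code(adu):
    """Return the function code of one ADU, or None if the frame is malformed."""
    if len(adu) < MBAP.size + 1:
        return None
    _tid, proto, length, _unit = MBAP.unpack_from(adu)
    # Protocol id is 0 for Modbus; length counts the unit id plus the PDU.
    if proto != 0 or len(adu) != 6 + length:
        return None
    return adu[MBAP.size]

def sequence_features(codes, alphabet, n=2):
    """Frequency of each length-n pattern over `alphabet`, plus an 'other' slot
    for windows containing a function code outside the alphabet."""
    patterns = list(product(alphabet, repeat=n))
    windows = Counter(tuple(codes[i:i + n]) for i in range(len(codes) - n + 1))
    total = sum(windows.values())
    if total == 0:
        return [0.0] * (len(patterns) + 1)
    known = sum(windows[p] for p in patterns)
    return [windows[p] / total for p in patterns] + [(total - known) / total]

def features_from_capture(adus, alphabet, n=2):
    """Preprocess captured ADUs into one feature vector; malformed frames are skipped."""
    codes = [fc for fc in map(function_code, adus) if fc is not None]
    return sequence_features(codes, alphabet, n)

# Constructed sample traffic: 0x03 read holding registers, 0x01 read coils,
# 0x06 write single register. All three codes would pass a function-code whitelist.
ALPHABET = (1, 3, 6)
READ = struct.pack(">HH", 0, 2)
WRITE = struct.pack(">HH", 0, 500)
polling = [build_adu(i, fc, READ) for i, fc in enumerate([3, 1, 3, 1, 3, 1, 3])]
burst = [build_adu(i, fc, WRITE if fc == 6 else READ)
         for i, fc in enumerate([3, 6, 6, 6, 6, 1, 3])]

if __name__ == "__main__":
    print("polling:", features_from_capture(polling, ALPHABET))
    print("burst:  ", features_from_capture(burst, ALPHABET))
```

Both constructed captures use only whitelisted function codes, yet their feature vectors differ sharply in the (6, 6) slot; vectors like these are what a classifier such as the SVM named in the abstract would be trained on.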


Info:

Pages: 1745-1753

Online since: January 2014

Copyright: © 2014 Trans Tech Publications Ltd. All Rights Reserved
