Abstract
With the increasing demand for security in industrial control systems, many researchers are studying anomaly detection for these systems. Most of them use machine learning methods to analyze and predict traffic, but the periodic characteristics of industrial control systems have not been studied sufficiently. This paper extracts Modbus, a protocol specific to industrial control systems, and analyzes the characteristics of its protocol fields. The periodic characteristics of industrial control data are mined from the perspective of symbol sequences. We simulate traffic and test the proposed method; the results show that it can effectively detect the periodicity of different sequences in the industrial control system and provide an auxiliary method for anomaly detection.
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Ni, J., Yin, W., Jiang, Y., Zhao, J., Hu, Y. (2020). Periodic Mining of Traffic Information in Industrial Control Networks. In: Barolli, L., Amato, F., Moscato, F., Enokido, T., Takizawa, M. (eds) Advanced Information Networking and Applications. AINA 2020. Advances in Intelligent Systems and Computing, vol 1151. Springer, Cham. https://doi.org/10.1007/978-3-030-44041-1_16
DOI: https://doi.org/10.1007/978-3-030-44041-1_16
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-44040-4
Online ISBN: 978-3-030-44041-1
eBook Packages: Intelligent Technologies and Robotics (R0)