Abstract
Modbus/TCP, a widely used industrial communication protocol, has serious security flaws because of its openness and simplicity, and developing security mechanisms for Modbus/TCP is an active research topic. However, setting the rules for these security mechanisms manually is an onerous task. In this paper, we propose a clustering-based self-learning approach for security rules to facilitate rule setting when deploying Modbus/TCP defenses. Our approach analyzes the address information in Modbus/TCP packets in depth and automatically learns the address-range settings of the white-listing rules using the K-means algorithm. Our experimental results show that the proposed approach is feasible and effective for generating white-listing rules for Modbus/TCP.
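An added example, not code from the paper: a sketch of the idea the abstract describes, clustering the addresses seen in clean Modbus/TCP requests with 1-D K-means and turning each cluster into a white-list range. The sample requests, the value of k, the rule layout and the names `learn_rules` and `allowed` are assumptions; the paper's own features and rule format are not shown on this page.

```python
# Added example: learn Modbus/TCP address white-list ranges with 1-D K-means.
# Sample traffic, k and the rule layout are assumptions, not the paper's.

def kmeans_1d(values, k, iters=50):
    """Lloyd's algorithm on scalars with deterministic quantile initialisation."""
    pts = sorted(values)
    k = min(k, len(set(pts)))
    centers = [pts[(2 * i + 1) * len(pts) // (2 * k)] for i in range(k)]
    groups = []
    for _ in range(iters):
        groups = [[] for _ in centers]
        for p in pts:
            idx = min(range(len(centers)), key=lambda i: abs(p - centers[i]))
            groups[idx].append(p)
        new = [sum(g) / len(g) if g else c for g, c in zip(groups, centers)]
        if new == centers:          # assignments are stable: converged
            break
        centers = new
    return [g for g in groups if g]

def learn_rules(requests, k):
    """requests: (function_code, start_address, quantity) from clean traffic."""
    touched = {}
    for fc, start, qty in requests:
        touched.setdefault(fc, []).extend(range(start, start + qty))
    # One (low, high) range per cluster, learned separately per function code.
    return {fc: [(min(g), max(g)) for g in kmeans_1d(addrs, k)]
            for fc, addrs in touched.items()}

def allowed(rules, fc, start, qty):
    """Permit a request only if its whole span lies inside one learned range."""
    end = start + qty - 1
    return any(lo <= start and end <= hi for lo, hi in rules.get(fc, []))

# Constructed sample: FC 3 = read holding registers, FC 6 = write single register.
SAMPLE_REQUESTS = [
    (3, 0, 10), (3, 0, 10), (3, 0, 8), (3, 100, 4), (3, 102, 2),
    (6, 100, 1), (6, 101, 1), (6, 200, 1),
]

if __name__ == "__main__":
    rules = learn_rules(SAMPLE_REQUESTS, k=2)
    for fc, ranges in sorted(rules.items()):
        print(f"function code {fc}: allow addresses {ranges}")
    print("FC 3 read 5..104 allowed?", allowed(rules, 3, 5, 100))
```

A request is rejected when its function code was never seen in training or when its address span crosses the gap between two learned ranges, which is the default-deny behaviour a white-list needs.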
Acknowledgment
This work is supported by the National Natural Science Foundation of China (Grant No. 61501447). The authors are grateful to the anonymous referees for their insightful comments and suggestions.
Copyright information
© 2018 Springer International Publishing AG
About this paper
Cite this paper
Wan, M., Shang, W., Zeng, P. (2018). Clustering-Based Self-learning Approach for Security Rules in Industrial Communication Protocol. In: Qiao, F., Patnaik, S., Wang, J. (eds) Recent Developments in Mechatronics and Intelligent Robotics. ICMIR 2017. Advances in Intelligent Systems and Computing, vol 690. Springer, Cham. https://doi.org/10.1007/978-3-319-65978-7_40
DOI: https://doi.org/10.1007/978-3-319-65978-7_40
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-65977-0
Online ISBN: 978-3-319-65978-7
eBook Packages: Engineering, Engineering (R0)