Security Modules for Securing Industrial Networks

conference paper

English

This article focuses on the incident detection techniques of communication in the Modbus/TCP protocol. Modbus/TCP does not implement authentication or communication encryption. Therefore, a Modbus Security Module was created allowing sniffing a specific network traffic and parsing particular information from the packets. This information is stored in a database using PostgreSQL on each master and slave station. Such a technique brings a new way to perform incident detection and to evaluate the transmitted packet's authenticity and integrity. Data taken from the database are used for an incident detection via a trained neural network. Using the presented approach, it is possible to detect all attacks targeting the slave station (originating from a non-master station). Using a neural network, it is possible to detect simulated attacks (originating from a master station) with an accuracy of 99.52 %. There is an additional authentication of individual stations using the created SSH connection between databases. For the proposal evaluation, IEEE dataset was used, where a significant increase of the neural network's accuracy was achieved using the proposed method.

Database; Incident Detection; Modbus; Neural Network; Security

HOLASOVÁ, E.; KUCHAŘ, K.; FUJDIAK, R.; BLAŽEK, P.; MIŠUREC, J.

1. 1. 2022

Institute of Electrical and Electronics Engineers Inc.

978-1-6654-3757-8

2021 2nd International Conference on Electronics, Communications and Information Technology (CECIT 2021)

1125

1132

8

https://ieeexplore.ieee.org/document/9742069