Biblio
In this paper, a dynamic cybersecurity protection method based on software-defined networking (SDN) is proposed, according to the protection requirement analysis for industrial control systems (ICSs). This method can execute security response measures by SDN, such as isolation, redirection etc., based on the real-time intrusion detection results, forming a detecting-responding closed-loop security control. In addition, moving target defense (MTD) concept is introduced to the protection for ICSs, where topology transformation and IP/port hopping are realized by SDN, which can confuse and deceive the attackers and prevent attacks at the beginning, protection ICSs in an active manner. The simulation results verify the feasibility of the proposed method.
The Modbus/TCP protocol is commonly used in the industrial control systems for communications between the human-machine interface and the industrial controllers. This paper proposes a real-time intrusion detection method based on bidirectional access of the Modbus/TCP protocol. The method doesnt require key observation that Modbus/TCP traffic to and from master device or slave device is periodic. Anomaly detection can be realized in time by the method after checking only two packets. And even though invader modifies the legal function code to another legal one in the packet from master device to slave device, the method can also figure it out. The test results show that the presented method has traits of timeliness, low false positive rate and low false negative rate.