Biblio
This article is focused on industrial networks and their security. An industrial network typically works with older devices that do not provide security at the level of today's requirements. Even protocols often do not support security at a sufficient level. It is necessary to deal with these security issues due to digitization. It is therefore required to provide other techniques that will help with security. For this reason, it is possible to deploy additional elements that will provide additional security and ensure the monitoring of the network, such as the Intrusion Detection System. These systems recognize identified signatures and anomalies. Methods of detecting security incidents by detecting anomalies in network traffic are described. The proposed methods are focused on detecting DoS attacks in the industrial Modbus protocol and operations performed outside the standard interval in the Distributed Network Protocol 3. The functionality of the performed methods is tested in the IDS system Zeek.
Industrial Control Systems (ICSs) are widely used in critical infrastructure around the world to provide services that sustain peoples' livelihoods and economic operations. However, compared with the critical infrastructure, the security of the ICS itself is still insufficient, and there will be a degree of damage, if it is attacked or invaded. In the past, an ICS was designed to operate in a traditional closed network, so the industrial equipment and transmission protocol lacked security verification. In addition, an ICS has high availability requirements, so that its equipment is rarely replaced and upgraded. Although many scholars have proposed the defense mechanism that is applicable to ICS in the past, there is still a lack of tested means to verify these defense technologies. The purpose of this study is to analyze the security of a system using the Modbus transmission protocol in an ICS, to establish a modular security test system based on four types of attacks that have been identified in the past literature, namely, a detection attack, a command injection attack, a response injection attack and a denial of service, to implement the attack results and to display the process in the virtual environment of Conpot and Rapid SCADA, and finally, to adopt the ICS security standards mentioned by previous scholars, namely, confidentiality, integrity and availability, as the performance evaluation criteria of this study.