Real-Time Intrusion Detection Method Based on Bidirectional Access of Modbus/TCP Protocol
| Title | Real-Time Intrusion Detection Method Based on Bidirectional Access of Modbus/TCP Protocol |
| Publication Type | Conference Paper |
| Year of Publication | 2017 |
| Authors | Xin, Xiaoshuai, Liu, Cancheng, Wang, Bin |
| Conference Name | Proceedings of the 2017 International Conference on Cryptography, Security and Privacy |
| Publisher | ACM |
| Conference Location | New York, NY, USA |
| ISBN Number | 978-1-4503-4867-6 |
| Keywords | Bidirectional access, ICS Anomaly Detection, Modbus/TCP function code, pubcrawl, Real-time intrusion detection, resilience, Resiliency, Scalability |
| Abstract | The Modbus/TCP protocol is commonly used in the industrial control systems for communications between the human-machine interface and the industrial controllers. This paper proposes a real-time intrusion detection method based on bidirectional access of the Modbus/TCP protocol. The method doesnt require key observation that Modbus/TCP traffic to and from master device or slave device is periodic. Anomaly detection can be realized in time by the method after checking only two packets. And even though invader modifies the legal function code to another legal one in the packet from master device to slave device, the method can also figure it out. The test results show that the presented method has traits of timeliness, low false positive rate and low false negative rate. |
| URL | http://doi.acm.org/10.1145/3058060.3058069 |
| DOI | 10.1145/3058060.3058069 |
| Citation Key | xin_real-time_2017 |