Abstract

This paper demonstrates the effectiveness of anomaly detection in cyclic communication as a method for protecting industrial installations from steganographic communication and a wide range of cyberattacks. The analysis was performed for a method based on a deterministic finite automaton and for the authors’ method using cycles. We discuss the cycle detection algorithm and graph construction, and demonstrate an anomaly detection method for cyberattack detection that utilizes stochastic elements, such as time-to-response and time-between-messages. We present a novel algorithm that combines the determinism of a finite automaton, which models consecutive admissible messages, with a time-domain model that allows for random deviations from regularity. The study was conducted for several test scenarios, including C&C steganographic channels generated using the Modbus TCP/IP protocol. Experimental results demonstrating the effectiveness of the algorithms are presented for both methods. All algorithms described in this paper are implemented and run as part of a passive warden system embedded in a bigger commercial IDS (intrusion detection system).

Highlights

  • In recent years, interest in cybersecurity issues has grown significantly due to Industry 4.0 [1,2,3] and IoT [4,5], autonomous cars, autonomous vacuum cleaners, and the development of “smart” devices that often cooperate or communicate with other surrounding devices.

  • Industrial communication is characterized by high regularity, while cyclicity creates another dimension that allows deviations to be investigated. These features are used in this paper, where the authors present a method for anomaly detection in cyclic communication using the Modbus protocol.

  • Messages sent over the Modbus protocol are analyzed.


Summary

Introduction

Interest in cybersecurity issues has grown significantly due to Industry 4.0 [1,2,3] and IoT [4,5], autonomous cars, autonomous vacuum cleaners, and the development of “smart” devices that often cooperate or communicate with other surrounding devices. With insufficient security measures in place, adversaries are able to establish steganographic command and control channels, eavesdrop on transmitted content, modify it, or even take control of the controlled device. This is especially dangerous in industrial networks (SCADA; supervisory control and data acquisition), which are used to control huge technological installations including critical infrastructure (power industry, petrochemical plants, transmission networks, etc.) [6]. Industrial communication is characterized by high regularity, while cyclicity creates another dimension that allows deviations to be investigated. These features are used in this paper, where the authors present a method for anomaly detection in cyclic communication using the Modbus protocol.
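The combination described in the abstract, a deterministic model of admissible consecutive messages plus a tolerance band on time-between-messages, can be sketched as follows. This is an added example, not the authors' algorithm or code: the symbol definition (function code, start address), the function names, the thresholds `k` and `floor`, and the traffic are all assumptions, and each symbol is assumed to occur once per cycle.

```python
from statistics import mean, stdev

# Symbol = (Modbus function code, start address) of a request; constructed data.
CYCLE = [(3, 0), (3, 100), (1, 0)]
JITTER = [0.000, 0.002, -0.001, 0.001, -0.002]   # seconds, constructed

def make_trace(n_cycles, period=0.100):
    """Constructed capture of a regular poller: (timestamp, symbol) pairs."""
    t, out = 0.0, []
    for i in range(n_cycles * len(CYCLE)):
        t += period + JITTER[i % len(JITTER)]
        out.append((round(t, 4), CYCLE[i % len(CYCLE)]))
    return out

def find_cycle(symbols):
    """Shortest prefix whose repetition reproduces the whole symbol sequence."""
    for p in range(1, len(symbols) // 2 + 1):
        if all(s == symbols[i % p] for i, s in enumerate(symbols)):
            return symbols[:p]
    raise ValueError("training traffic is not cyclic")

def train(trace):
    """Learn the cycle and, per cycle position, mean/stdev of the arrival gap.
    Needs at least three full cycles so every position has two gap samples."""
    cycle = find_cycle([s for _, s in trace])
    gaps = [[] for _ in cycle]
    for i in range(1, len(trace)):
        gaps[i % len(cycle)].append(trace[i][0] - trace[i - 1][0])
    return cycle, [(mean(g), stdev(g)) for g in gaps]

def detect(model, trace, k=4.0, floor=0.005):
    """Return (timestamp, kind, symbol) alerts; kind is 'sequence' or 'timing'."""
    cycle, stats = model
    alerts, pos, prev_t = [], None, None
    for t, sym in trace:
        if pos is None and sym in cycle:      # first known message: synchronise
            pos = cycle.index(sym)
        if pos is None or sym != cycle[pos]:  # automaton has no such transition
            alerts.append((t, "sequence", sym))
            if sym in cycle:                  # resynchronise on a known symbol
                pos, prev_t = (cycle.index(sym) + 1) % len(cycle), t
            continue
        if prev_t is not None:                # time-domain check on accepted message
            mu, sd = stats[pos]
            if abs((t - prev_t) - mu) > max(k * sd, floor):
                alerts.append((t, "timing", sym))
        pos, prev_t = (pos + 1) % len(cycle), t
    return alerts
```

A message outside the learned cycle (for example a write request, function code 16, in a read-only polling loop) raises a `sequence` alert, while a correctly ordered message that arrives outside the learned gap band raises a `timing` alert.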

