Abstract
SCADA systems have been upgraded from the standard serial bus systems to modern TCP/IP based systems. The Modbus protocol is one of the most widely used protocols in SCADA networks. However, it provides no inherent security mechanisms. Therefore, the Modbus protocol is susceptible to the type of attack that injects false Modbus commands by fabrication or modification. In this paper, we propose an abnormal behavior detection method by using normal traffic pattern learning on Modbus/TCP transactions. Our approach is based on the characteristics of SCADA networks that are likely to have a regular traffic pattern. Most of all, the proposed method is performed according to the analysis of only Modbus/TCP request messages. Therefore, it has the benefit of detecting abnormal behavior on even with the simple traffic pattern learning.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
