Abstract
Industrial Control Systems (ICS) are normally used for monitoring and controlling various process plants around the world, such as oil and gas refineries, nuclear reactors, power generation and transmission, and various chemical plants. MODBUS is the most widely used communication protocol in these ICS systems, where it is used for bi-directional transfer of sensor data between data acquisition servers and Intelligent Electronic Devices (IED) such as Programmable Logic Controllers (PLC) or Remote Telemetry Units (RTU). The security of ICS systems is a major concern for the safe and secure operation of these plants. The Modbus protocol is more vulnerable to cyber-security attacks because security measures were not considered when the protocol was designed. The Denial-of-Service (DoS) attack, or flooding attack, is one of the prominent attacks on MODBUS, and it affects the availability of the control system. In this paper, a new method was proposed that detects user application-level flooding or DoS attacks, triggers an alarm annunciator, and displays suitable alarms in the Supervisory Control and Data Acquisition (SCADA) system to draw the attention of administrators or engineers so that they can take corrective action. This method detected the highest percentage of attacks in less time compared to other methods. The method also considered all types of conditions that trigger a flooding attack in the MODBUS protocol.
Highlights
Industrial Control Systems (ICS) or Process Control Systems (PCS) are generally used for monitoring the field or process from a centralized location and controlling the field equipment to run the operations
The sectors that are crucial for any country's economic, social and technological development are defined as National Critical Infrastructure [2]
The DoS attack by flooding Programmable Logic Controllers (PLC) using the Modbus protocol can be of two types: the first stops the required services, i.e., the PLC does not respond to legitimate requests from the SCADA Server; the other crashes the target and seizes the services, i.e., the PLC is busy responding to the attacker's requests and denies service to the legitimate SCADA Server
Summary
Industrial Control Systems (ICS) or Process Control Systems (PCS) are generally used for monitoring the field or process from a centralized location and controlling the field equipment to run the operations. Industrial Control Systems are connected to corporate networks and the internet for sharing SCADA data with third-party systems and for remote access for debugging and maintenance of the systems. This leads to security attacks, and these systems are vulnerable to these cyber-attacks [5]. The Computer Emergency Response Team (CERT), an expert group that handles computer security incidents, reports that the number of cyber-attacks on ICS systems is increasing every year. Field data from the PLC is transferred to SCADA Servers through communication protocols such as Modbus, DNP etc. Modbus is the most widely used, open, application-layer communication protocol for bidirectional data transfer between PLC and SCADA Servers. It is a very simple and lightweight communication protocol.