Computer Science, 2015, Vol. 42, Issue (11): 212-216. doi: 10.11896/j.issn.1002-137X.2015.11.044


Design of Modbus TCP Industrial Control Network Protocol Abnormal Data Detection Rules Based on Snort

JIANG Wei-wei, LIU Guang-jie and DAI Yue-wei   

  • Online: 2018-11-14 Published: 2018-11-14

Abstract: Vulnerabilities in industrial control network communication protocols are the main reason industrial control networks suffer attacks. The vulnerabilities of Modbus TCP, a typical industrial control network communication protocol, were analyzed and synthesized. The abnormal behaviors of Modbus TCP were analyzed and categorized according to the detection mechanisms that Snort provides, and a Snort detection rule template for anomalous Modbus TCP data was constructed. According to the corresponding analysis, the rule template design method can generally be extended to other network-based industrial control protocols.

Key words: Industrial control network security, Modbus TCP protocol, Vulnerability analysis, Snort rule template

