Attack taxonomies for the Modbus protocols

Huitsing, Peter; Chandia, Rodrigo; Papa, Mauricio; Shenoi, Sujeet

doi:10.1016/j.ijcip.2008.08.003

Cited by 186 publications

(107 citation statements)

References 0 publications

Supporting

Mentioning

105

Contrasting

Unclassified

Order By: Relevance

“…Altered process measurements can lead operators to take incorrect control actions based on malicious fake data and injected commands can cause systems to take unwanted control actions (Huang, et al, 2009;Sridhar, & Manimaran, 2010). A separate comprehensive attack taxonomy with some overlap with this paper is available in (Huitsing, Chandia, Papa, & Shenoi, 2008). In summary, cyber penetration of control systems monitoring and controlling MODBUS based industrial control systems can lead to loss of the visibility and control.Industrial control systems implement feedback control loops to monitor and control the systems.…”

Section: Background and Related Workmentioning

confidence: 99%

On Cyber Attacks and Signature Based Intrusion Detection for Modbus Based Industrial Control Systems

Gao¹,

Morris²

2014

JDFSL

View full text Add to dashboard Cite

Industrial control system communication networks are vulnerable to reconnaissance, response injection, command injection, and denial of service attacks. Such attacks can lead to an inability to monitor and control industrial control systems and can ultimately lead to system failure. This can result in financial loss for control system operators and economic and safety issues for the citizens who use these services. This paper describes a set of 28 cyber attacks against industrial control systems which use the MODBUS application layer network protocol. The paper also describes a set of standalone and state based intrusion detection system rules which can be used to detect cyber attacks and to store evidence of attacks for post incident analysis. All attacks described in this paper were validated in a laboratory environment. The detection rate of the intrusion detection system rules presented by attack class is also presented.

show abstract

Section: Background and Related Workmentioning

confidence: 99%

On Cyber Attacks and Signature Based Intrusion Detection for Modbus Based Industrial Control Systems

Gao¹,

Morris²

2014

JDFSL

View full text Add to dashboard Cite

show abstract

“…However, TCP/IP protocols also suffer from several vulnerabilities to attacks, such as denial of service (DoS), packet sniffing, spoofing, process table, TCP sequence number generation, IP half scan attacks and others [22][23][24][25][26][27][28][29][30][31][32]48,49]. Security mechanisms, including SSL/TLS, SHH and IPSec, have been employed but these solutions have a limitation in terms of the communication protocol dependencies and security dependencies of the cryptography that has been implemented [25,29,30].…”

mentioning

confidence: 99%

Real Time MODBUS Transmissions and Cryptography Security Designs and Enhancements of Protocol Sensitive Information

Shahzad

Lee

et al. 2015

Symmetry

View full text Add to dashboard Cite

Information technology (IT) security has become a major concern due to the growing demand for information and massive development of client/server applications for various types of applications running on modern IT infrastructure. How has security been taken into account and which paradigms are necessary to minimize security issues while increasing efficiency, reducing the influence on transmissions, ensuring protocol independency and achieving substantial performance? We have found cryptography to be an absolute security mechanism for client/server architectures, and in this study, a new security design was developed with the MODBUS protocol, which is considered to offer phenomenal performance for future development and enhancement of real IT infrastructure. This study is also considered to be a complete development because security is tested in almost all ways of MODBUS communication. The computed measurements are evaluated to validate the overall development, and the results indicate a substantial improvement in security that is differentiated from conventional methods. OPEN ACCESSSymmetry 2015, 7 1177

show abstract

“…For instance, attack taxonomies have been proposed for two popular SCADA protocols, Modbus [77] and DPN3 [52]. The problem of threat analysis, that is, evaluating the impact that attacks and failures have in the controlled infrastructures, has been studied in [6,7,31,140].…”

Section: General Aspectsmentioning

confidence: 99%

“…The goal of the attacker is to send malicious commands to the PLC over a Modbus connection. For instance, consider the diagnostic register reset attack described in [77]. This attack consists of sending a message with a specific function code, causing the target to clear all counters and its diagnostic register, potentially causing the target to misbehave.…”

Section: Attack Scenario and Research Questionsmentioning

confidence: 99%

See 1 more Smart Citation

Anomaly detection in SCADA systems : a network based approach

Barbosa¹

View full text Add to dashboard Cite

Attack taxonomies for the Modbus protocols

Cited by 186 publications

References 0 publications

On Cyber Attacks and Signature Based Intrusion Detection for Modbus Based Industrial Control Systems

On Cyber Attacks and Signature Based Intrusion Detection for Modbus Based Industrial Control Systems

Real Time MODBUS Transmissions and Cryptography Security Designs and Enhancements of Protocol Sensitive Information

Anomaly detection in SCADA systems : a network based approach

Contact Info

Product

Resources

About