Implementation and Detection of Modbus Cyberattacks

Radoglou-Grammatikis, Panagiotis; Siniosoglou, Ilias; Liatifis, Athanasios; Kourouniadis, Anastasios; Rompolos, Konstantinos; Sarigiannidis, Panagiotis

doi:10.1109/mocast49295.2020.9200287

Cited by 21 publications

(15 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…During the pre-processing step, the data is formatted utilising a sliding window of 30 instances and is normalized in the range of [0, 1]. On the other side, regarding the validation of MENSA for anomaly classification, the Modbus/TCP cyberattacks of Table I were emulated in a safe manner, utilising Smod [47]. Regarding the DNP3 cyberattacks, the intrusion detection dataset of Rodofile et al [48] was combined with normal DNP3 network flows of the substation environment.…”

Section: B Datasets and Comparative Methodsmentioning

confidence: 99%

“…Our previous work in [46] could detect only Modbus/TCP anomalies. In contrast, this paper examines and detects a plethora of Modbus/TCP cyberattacks that can be performed by Smod [47], a widely known penetration-testing tool related to Modbus.…”

Section: Related Workmentioning

confidence: 99%

“…Both Modbus and DNP3 are characterised by severe security issues since they were not constructed having cybersecurity in mind [2]. In our previous work in [47]…”

Section: A Modbus/tcp and Dnp3 Threat Identificationmentioning

confidence: 99%

See 2 more Smart Citations

A Unified Deep Learning Anomaly Detection and Classification Approach for Smart Grid Environments

Siniosoglou

Radoglou-Grammatikis

Efstathopoulos³

et al. 2021

IEEE Trans. Netw. Serv. Manage.

Self Cite

102

View full text Add to dashboard Cite

The interconnected and heterogeneous nature of the next-generation Electrical Grid (EG), widely known as Smart Grid (SG), bring severe cybersecurity and privacy risks that can also raise domino effects against other Critical Infrastructures (CIs). In this paper, we present an Intrusion Detection System (IDS) specially designed for the SG environments that use Modbus/Transmission Control Protocol (TCP) and Distributed Network Protocol 3 (DNP3) protocols. The proposed IDS called MENSA (anoMaly dEtection aNd claSsificAtion) adopts a novel Autoencoder-Generative Adversarial Network (GAN) architecture for (a) detecting operational anomalies and (b) classifying Modbus/TCP and DNP3 cyberattacks. In particular, MENSA combines the aforementioned Deep Neural Networks (DNNs) in a common architecture, taking into account the adversarial loss and the reconstruction difference. The proposed IDS is validated in four real SG evaluation environments, namely (a) SG lab, (b) substation, (c) hydropower plant and (d) power plant, solving successfully an outlier detection (i.e., anomaly detection) problem as well as a challenging multiclass classification problem consisting of 14 classes (13 Modbus/TCP cyberattacks and normal instances). Furthermore, MENSA can discriminate five cyberattacks against DNP3. The evaluation results demonstrate the efficiency of MENSA compared to other Machine Learning (ML) and Deep Learning (DL) methods in terms of Accuracy, False Positive Rate (FPR), True Positive Rate (TPR) and the F1 score.

show abstract

Section: B Datasets and Comparative Methodsmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

A Unified Deep Learning Anomaly Detection and Classification Approach for Smart Grid Environments

Siniosoglou

Radoglou-Grammatikis

Efstathopoulos³

et al. 2021

IEEE Trans. Netw. Serv. Manage.

Self Cite

102

View full text Add to dashboard Cite

show abstract

“…The aforementioned cyberattacks are implemented by Smod, a widely known pen-testing tool related to Modbus [39,40]. The Modbus Network Flow-Based Anomaly Detection Model adopts the DIDEROT Autoencoder [41], identifying anomalous Modbus/TCP network flows.…”

Section: Big Data Analysis Enginementioning

confidence: 99%

SPEAR SIEM: A Security Information and Event Management system for the Smart Grid

et al. 2021

Self Cite

View full text Add to dashboard Cite

The technological leap of smart technologies has brought the conventional electrical grid in a new digital era called Smart Grid (SG), providing multiple benefits, such as two-way communication, pervasive control and self-healing. However, this new reality generates significant cybersecurity risks due to the heterogeneous and insecure nature of SG. In particular, SG relies on legacy communication protocols that have not been implemented having cybersecurity in mind. Moreover, the advent of the Internet of Things (IoT) creates severe cybersecurity challenges. The Security Information and Event Management (SIEM) systems constitute an emerging technology in the cybersecurity area, having the capability to detect, normalise and correlate a vast amount of security events. They can orchestrate the entire security of a smart ecosystem, such as SG. Nevertheless, the current SIEM systems do not take into account the unique SG peculiarities and characteristics like the legacy communication protocols. In this paper, we present the Secure and PrivatE smArt gRid (SPEAR) SIEM, which focuses on SG. The main contribution of our work is the design and implementation of a SIEM system capable of detecting, normalising and correlating cyberattacks and anomalies against a plethora of SG application-layer protocols. It is noteworthy that the detection performance of the SPEAR SIEM is demonstrated with real data originating from four real SG use case (a) hydropower plant, (b) substation, (c) power plant and (d) smart home.

show abstract

“…The vulnerable nature of EPES/SG is mainly related to the legacy Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems. Such systems utilise insecure communication protocols, such as Modbus [5], Distributed Network Protocol 3 (DNP3) [6] and IEC 60870-5-104 [7], that have not been designed with the essential authentication and authorisation mechanisms. While both academia and industry have already provided useful security solutions, such as the IEC 62351 standard, unfortunately, many vendors and manufacturers cannot adopt them, especially in real-time.…”

Section: Introductionmentioning

confidence: 99%

SDN-Based Resilient Smart Grid: The SDN-microSENSE Architecture

Radoglou-Grammatikis

Sarigiannidis

Dalamagkas

et al. 2021

Digital

Self Cite

View full text Add to dashboard Cite

The technological leap of smart technologies and the Internet of Things has advanced the conventional model of the electrical power and energy systems into a new digital era, widely known as the Smart Grid. The advent of Smart Grids provides multiple benefits, such as self-monitoring, self-healing and pervasive control. However, it also raises crucial cybersecurity and privacy concerns that can lead to devastating consequences, including cascading effects with other critical infrastructures or even fatal accidents. This paper introduces a novel architecture, which will increase the Smart Grid resiliency, taking full advantage of the Software-Defined Networking (SDN) technology. The proposed architecture called SDN-microSENSE architecture consists of three main tiers: (a) Risk assessment, (b) intrusion detection and correlation and (c) self-healing. The first tier is responsible for evaluating dynamically the risk level of each Smart Grid asset. The second tier undertakes to detect and correlate security events and, finally, the last tier mitigates the potential threats, ensuring in parallel the normal operation of the Smart Grid. It is noteworthy that all tiers of the SDN-microSENSE architecture interact with the SDN controller either for detecting or mitigating intrusions.

show abstract

Implementation and Detection of Modbus Cyberattacks

Cited by 21 publications

References 11 publications

A Unified Deep Learning Anomaly Detection and Classification Approach for Smart Grid Environments

A Unified Deep Learning Anomaly Detection and Classification Approach for Smart Grid Environments

SPEAR SIEM: A Security Information and Event Management system for the Smart Grid

SDN-Based Resilient Smart Grid: The SDN-microSENSE Architecture

Contact Info

Product

Resources

About