Vulnerability Mining Method for the Modbus TCP Using an Anti-Sample Fuzzer

Lai, Yingxu; Gao, Huijuan; Liu, Jing

doi:10.3390/s20072040

Cited by 19 publications

(9 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Due to its documentation being readily available and it being used by modern and legacy substations (which form a significant percentage of substations worldwide [99]), Modbus TCP [100]-which is the TCP variant of Modbus [101]-is used. Furthermore, reinforcing our selection is the fact that there is current literature that is centred around its security [102], vulnerabilities [103], attack mitigation [104,105], and utilization in testbeds [106,107]. Utilizing TCP port 502, its implementation requires a client-server architecture.…”

Section: Modbus Tcpmentioning

confidence: 97%

A Trust-Influenced Smart Grid: A Survey and a Proposal

Boakye-Boateng

Ghorbani

Lashkari

2022

JSAN

View full text Add to dashboard Cite

A compromised Smart Grid, or its components, can have cascading effects that can affect lives. This has led to numerous cybersecurity-centric studies focusing on the Smart Grid in research areas such as encryption, intrusion detection and prevention, privacy and trust. Even though trust is an essential component of cybersecurity research; it has not received considerable attention compared to the other areas within the context of Smart Grid. As of the time of this study, we observed that there has neither been a study assessing trust within the Smart Grid nor were there trust models that could detect malicious attacks within the substation. With these two gaps as our objectives, we began by presenting a mathematical formalization of trust within the context of Smart Grid devices. We then categorized the existing trust-based literature within the Smart Grid under the NIST conceptual domains and priority areas, multi-agent systems and the derived trust formalization. We then proposed a novel substation-based trust model and implemented a Modbus variation to detect final-phase attacks. The variation was tested against two publicly available Modbus datasets (EPM and ATENA H2020) under three kinds of tests, namely external, internal, and internal with IP-MAC blocking. The first test assumes that external substation adversaries remain so and the second test assumes all adversaries within the substation. The third test assumes the second test but blacklists any device that sends malicious requests. The tests were performed from a Modbus server’s point of view and a Modbus client’s point of view. Aside from detecting the attacks within the dataset, our model also revealed the behaviour of the attack datasets and their influence on the trust model components. Being able to detect all labelled attacks in one of the datasets also increased our confidence in the model in the detection of attacks in the other dataset. We also believe that variations of the model can be created for other OT-based protocols as well as extended to other critical infrastructures.

show abstract

Section: Modbus Tcpmentioning

confidence: 97%

A Trust-Influenced Smart Grid: A Survey and a Proposal

Boakye-Boateng

Ghorbani

Lashkari

2022

JSAN

View full text Add to dashboard Cite

show abstract

“…The most recent Modbus update dates back to 2012, and a new security specification appeared in Modbus TCP/IP in 2018. Scientific papers related to Modbus refer in particular to Modbus TCP/IP addressing issues related to the following, among others: use as a support for communication in distributed applications [ 4 ] (mostly SCADA [ 2 ]), the implementation of access gateways (for remote connection using a TCP/IP protocol stack [ 5 ] and wireless connection implementation [ 6 ]), security and authentication [ 7 ], the detection, simulation, and modeling of unwanted attacks, anomalies, and intrusions [ 8 ], vulnerabilities [ 9 , 10 ], software for integration into the OPC UA industrial middleware [ 11 ], performance analysis in the context of the complexity of the TCP/IP stack [ 12 ], and network traffic simulation [ 13 ].…”

Section: Related Workmentioning

confidence: 99%

Experimental Implementation and Performance Evaluation of an IoT Access Gateway for the Modbus Extension

Găitan

Zagan

2021

Sensors

View full text Add to dashboard Cite

This paper presents the relevant aspects regarding the experimental implementation and performance evaluation of an Internet of things (IoT) gateway for the Modbus extension. The proposed Modbus extension specifications are extended by defining the new optimized message format, and the structure of the acquisition cycle for obtaining a deterministic temporal behavior and solutions are presented for the description of devices at the MODBUS protocol level. Three different implementations are presented, and the Modbus extension’s performance is validated regarding the efficiency in the use of the acquisition cycle time. The software and hardware processing time and the importance and effect of the various components are analyzed and evaluated. They all support the implementation of an Internet of things gateway for Modbus extension. This paper introduces solutions for the structure of the acquisition cycle to include other valuable extensions, discusses the performance of a real implementation in the form of a gateway, adds new features to the Modbus extension specification, and strengthens some of the existing ones. In accordance with the novelty and contribution of this paper to the field of local industrial networks, the results obtained in the analysis, testing, and validation of the Modbus extension protocol refer to the extending of the Modbus functions for industrial process monitoring and control management.

show abstract

“…studied the intrusion detection method based on PCA-BP neural network by using PCA to preprocess the data set, to accelerate the convergence speed and detection efficiency, but the effect of this method was not obvious in the detection of U2R and R2L attack types [2] . Y Lai, Gao, H. et al combined the intrusion detection method of whitelist filtering and neural network, and constantly improved the whitelist rule base according to the detection results of neural network to improve the detection rate of abnormal communication, but this method did not optimize the detection speed [3] . Nuraeni algorithm is designed to optimize OCSVM model parameters [4] .…”

Section: Introductionmentioning

confidence: 99%

An optimization technique for intrusion detection of industrial control network vulnerabilities based on BP neural network

Xia

Neware

Kumar

et al. 2022

Int J Syst Assur Eng Manag

View full text Add to dashboard Cite

The aim of this research is to solve the problem that the intrusion detection model of industrial control system has low detection rate and detection efficiency against various attacks, a method of optimizing BP neural network based on Adaboost algorithm is proposed. Firstly, principal component analysis (PCA) is used to preprocess the original data set to eliminate its correlation. Secondly, Adaboost algorithm is used to continuously adjust the weight of training samples, to obtain the optimal weight and threshold of BP neural network. The results show that there are 13817 pieces of data collected in the industrial control experiment, of which 9817 pieces of data are taken as the test data set, including 9770 pieces of normal data and 47 pieces of abnormal data. In addition, as a test data set of 4000 pieces, there are 3987 pieces of normal data and 13 pieces of abnormal data. It can be seen that the average detection rate and detection speed of the algorithm of optimizing BP neural network by Adaboost algorithm proposed in this paper are better than other algorithms on each attack type. It is proved that Adaboost algorithm can effectively solve the intrusion detection problem by optimizing BP neural network.

show abstract

Vulnerability Mining Method for the Modbus TCP Using an Anti-Sample Fuzzer

Cited by 19 publications

References 12 publications

A Trust-Influenced Smart Grid: A Survey and a Proposal

A Trust-Influenced Smart Grid: A Survey and a Proposal

Experimental Implementation and Performance Evaluation of an IoT Access Gateway for the Modbus Extension

An optimization technique for intrusion detection of industrial control network vulnerabilities based on BP neural network

Contact Info

Product

Resources

About