A Retrofit Network Intrusion Detection System for MODBUS RTU and ASCII Industrial Control Systems

A Retrofit Network Intrusion Detection System for MODBUS RTU and ASCII Industrial Control Systems

MODBUS RTU/ASCII Snort is software to retrofit serial based industrial control systems to add Snort intrusion detection and intrusion prevention capabilities. This article discusses the need for such a system by describing 4 classes of intrusion vulnerabilities (denial of service, command injection,...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Morris, T., Vaughn, R., Dandass, Y.
Format: Tagungsbericht
Sprache:eng
Schlagworte:
Computer crime
Control systems
Cybersecurity
Industrial Control System
Intrusion detection
Process control
Protocols
SCADA
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:MODBUS RTU/ASCII Snort is software to retrofit serial based industrial control systems to add Snort intrusion detection and intrusion prevention capabilities. This article discusses the need for such a system by describing 4 classes of intrusion vulnerabilities (denial of service, command injection, response injection, and system reconnaissance) which can be exploited on MODBUS RTU/ASCII industrial control systems. The article provides details on how Snort rules can detect and prevent such intrusions. Finally, the article describes the MODBUS RTU/ASCII Snort implementation, provides details on placement of a MODBUS RTU/ASCII Snort host within a control system to maximize intrusion detection and prevention capabilities, and discusses the system's validation.
ISSN:1530-1605
2572-6862
DOI:10.1109/HICSS.2012.78