Improve the Security of Industrial Control System : A Fine-Grained Classification Method for DoS Attacks on Modbus/TCP

• With the rapid development of technology, more malicious traffic data brought negative influences on industrial areas. Modbus protocol plays a momentous role in the communications of Industrial Control Systems (ICS), but it’s vulnerable to Denial of Service attacks(DoS). Traditional detection methods cannot perform well on fine-grained detection tasks which could contribute to locating targets of attacks and preventing the destruction. Considering the temporal locality and high dimension of malicious traffic, this paper proposed a Neural Network architecture named MODLSTM, which consists of three parts: input preprocessing, feature recoding, and traffic classification. By virtue of the design, MODLSTM can form continuous stream semantics based on fragmented packets, discover potential low-dimensional features and finally classify traffic at a fine-grained level. To test the model’s performances, some experiments were conducted on industrial and public datasets, and the models achieved excellent performances in comparison with previous work(accuracy increased by 0.71% and 0.07% respectively). The results show that the proposed method has more satisfactory abilities to detect DoS attacks related to Modbus, compared with other works. It could help to build a reliable firewall to address a variety of malicious traffic in diverse situations, especially in industrial environments. © 2023, The Author(s), under exclusive licence to Springer Science+Business Media, LLC, part of Springer Nature.

Ämnesord

NATURVETENSKAP  -- Data- och informationsvetenskap -- Datavetenskap (hsv//swe)

NATURAL SCIENCES  -- Computer and Information Sciences -- Computer Sciences (hsv//eng)

TEKNIK OCH TEKNOLOGIER  -- Elektroteknik och elektronik -- Datorsystem (hsv//swe)

ENGINEERING AND TECHNOLOGY  -- Electrical Engineering, Electronic Engineering, Information Engineering -- Computer Systems (hsv//eng)

Nyckelord

DDoS

Deep learning

DoS

Fine-grained classification

ICS

Modbus

Classification (of information)

Integrated circuits

Intelligent control

Network architecture

Network security

Semantics

Classification methods

Denialof- service attacks

Fine grained

Industrial control systems

Malicious traffic

Performance

Denial-of-service attack

Publikations- och innehållstyp

ref (ämneskategori)

art (ämneskategori)