A Modbus traffic generator for evaluating the security of SCADA systems

Supervisory control and data acquisition (SCADA) systems are used to monitor and control several industrial functions such as: oil & gas, electricity, water, nuclear fusion, etc. Recently, the Internet connectivity to SCADA systems introduced new vulnerabilities to these systems and made it a target for immense amount of attacks. In the literature, several solutions have been developed to secure SCADA systems; however; the literature is lacking work directed at the development of tools to evaluate the effectiveness of such solutions. An essential requirement of such tools is the generation of normal and malicious SCADA traffic. In this paper, we present an automated tool to generate a malicious SCADA traffic to be used to evaluate such systems. We consider the traffic generation of the popular SCADA Modbus protocol. The characteristics of the generated traffic are derived from Snort network intrusion detection system (NIDS) Modbus rules. The tool uses Scapy to generate packets based on the extracted traffic features. We present the testing results for our tool. The tool is used to read a Snort rule file that contains Modbus rules to extract the required traffic features.