A Retrofit Network Intrusion Detection System for MODBUS RTU and ASCII Industrial Control Systems

Author

Morris, Thomas ; Vaughn, Rayford ; Dandass, Yoginder

Author_Institution

Mississippi State Univ., Starkville, MS, USA

fYear

2012

fDate

4-7 Jan. 2012

Firstpage

2338

Lastpage

2345

Abstract

MODBUS RTU/ASCII Snort is software to retrofit serial based industrial control systems to add Snort intrusion detection and intrusion prevention capabilities. This article discusses the need for such a system by describing 4 classes of intrusion vulnerabilities (denial of service, command injection, response injection, and system reconnaissance) which can be exploited on MODBUS RTU/ASCII industrial control systems. The article provides details on how Snort rules can detect and prevent such intrusions. Finally, the article describes the MODBUS RTU/ASCII Snort implementation, provides details on placement of a MODBUS RTU/ASCII Snort host within a control system to maximize intrusion detection and prevention capabilities, and discusses the system´s validation.

Keywords

industrial control; security of data; ASCII industrial control system; MODBUS RTU/ASCII Snort; Snort intrusion detection; command injection; denial of service; intrusion prevention; intrusion vulnerabilities; response injection; retrofit network intrusion detection system; serial based industrial control system; system reconnaissance; Computer crime; Control systems; Intrusion detection; Process control; Protocols; Cybersecurity; Industrial Control System; Intrusion Detection; SCADA;

fLanguage

English

Publisher

ieee

Conference_Titel

System Science (HICSS), 2012 45th Hawaii International Conference on

Conference_Location

Maui, HI

ISSN

1530-1605

Print_ISBN

978-1-4577-1925-7

Electronic_ISBN

1530-1605

Type

conf

DOI

10.1109/HICSS.2012.78

Filename

6149298