• DocumentCode
    3698822
  • Title

    Designing snort rules to detect abnormal DNP3 network data

  • Author

    Hao Li; Guangjie Liu; Weiwei Jiang; Yuewei Dai

  • Author_Institution
    School of Automation, Nanjing University of Science and Technology, China
  • fYear
    2015
  • Firstpage
    343
  • Lastpage
    348
  • Abstract
    Vulnerability of industrial control network communication protocol is the most important reason leading to industrial control network attacks. In this paper, the vulnerability of DNP3, the typical industrial control network communication protocol, is analyzed. The abnormal behaviors of DNP3 are categorized according to the Snort detection mechanisms. The Snort detection rule template for anomaly DNP3 data is constructed and the rules are designed according the template. The rule designing method can be generally extended to other network-based industrial control protocols.
  • Keywords
    "Protocols","Industrial control","Servers","Arrays","Intrusion detection","Computer crime"
  • Publisher
    ieee
  • Conference_Titel
    Control, Automation and Information Sciences (ICCAIS), 2015 International Conference on
  • Type

    conf

  • DOI
    10.1109/ICCAIS.2015.7338690
  • Filename
    7338690
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=3698822