Skip to main content
SpringerLink
Log in

Improve the Security of Industrial Control System: A Fine-Grained Classification Method for DoS Attacks on Modbus/TCP

  • Published:
Mobile Networks and Applications Aims and scope Submit manuscript

Abstract

With the rapid development of technology, more malicious traffic data brought negative influences on industrial areas. Modbus protocol plays a momentous role in the communications of Industrial Control Systems (ICS), but it’s vulnerable to Denial of Service attacks(DoS). Traditional detection methods cannot perform well on fine-grained detection tasks which could contribute to locating targets of attacks and preventing the destruction. Considering the temporal locality and high dimension of malicious traffic, this paper proposed a Neural Network architecture named MODLSTM, which consists of three parts: input preprocessing, feature recoding, and traffic classification. By virtue of the design, MODLSTM can form continuous stream semantics based on fragmented packets, discover potential low-dimensional features and finally classify traffic at a fine-grained level. To test the model’s performances, some experiments were conducted on industrial and public datasets, and the models achieved excellent performances in comparison with previous work(accuracy increased by 0.71% and 0.07% respectively). The results show that the proposed method has more satisfactory abilities to detect DoS attacks related to Modbus, compared with other works. It could help to build a reliable firewall to address a variety of malicious traffic in diverse situations, especially in industrial environments.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Algorithm 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6

Similar content being viewed by others

Data Availability

The datasets used or analyzed during the current study are available from the corresponding author on reasonable request.

Code Availability

The data that support the findings of this study are available from the corresponding author upon reasonable request.

References

  1. Zhang H, Dai S, Li Y, Zhang W (2018) Real-time distributed-random-forest-based network intrusion detection system using apache spark. In: 2018 IEEE 37th international performance computing and communications conference (IPCCC), pp 1–7. https://doi.org/10.1109/PCCC.2018.8711068

  2. Ali MH, Jaber MM, Abd SK, Rehman A, Awan MJ, Damaševičius R, Bahaj SA (2022) Threat analysis and distributed denial of service (ddos) attack recognition in the internet of things (iot). Electronics 11(3):494

    Article  Google Scholar 

  3. Javaid A, Niyaz Q, Sun W, Alam M (2016) A deep learning approach for network intrusion detection system. Eai Endorsed Trans Secur Saf 3(9):2

    Google Scholar 

  4. Zhang H, Zhang W, Lv Z, Kumar A, Huang T, Chilamkurti N (2020) Maldc: a depth detection method for malware based on behavior chains. World Wide Web 23:1–20. https://doi.org/10.1007/s11280-019-00675-z

    Article  Google Scholar 

  5. Hidayat I, Ali MZ, Arshad A (2022) Machine learning based intrusion detection system: an experimental comparison. J Comput Cogn Eng

  6. Luswata J, Zavarsky P, Swar B, Zvabva D (2018) Analysis of scada security using penetration testing: a case study on modbus tcp protocol. In: 2018 29th biennial symposium on communications (BSC). IEEE, pp 1–5

  7. Das S, Namasudra S (2022) Multi-authority cp-abe-based access control model for iot-enabled healthcare infrastructure. IEEE Trans Ind Informatics

  8. Bhatia S, Kush NS, Djamaludin C, Akande AJ, Foo E (2014) Practical modbus flooding attack and detection. In: Proceedings of the 12th australasian information security conference (AISC 2014)[Conferences in Research and Practice in Information Technology, vol 149]. Australian Computer Society, pp 57–65

  9. Fovino IN, Carcano A, Masera M, Trombetta A (2009) Design and implementation of a secure modbus protocol. In: Palmer C, Shenoi S (eds) Critical Infrastructure Protection III. Springer, pp 83–96

  10. Liao G-Y, Chen Y-J, Lu W-C, Cheng T-C (2008) Toward authenticating the master in the modbus protocol. IEEE Trans Power Deliv 23(4):2628–2629. https://doi.org/10.1109/TPWRD.2008.2002942

    Article  Google Scholar 

  11. Morris TH, Jones BA, Vaughn RB, Dandass YS (2013) Deterministic intrusion detection rules for modbus protocols. In: 2013 46th Hawaii international conference on system sciences. IEEE, pp 1773–1781

  12. Li S-C, Huang Y, Tai B-C, Lin C-T (2017) Using data mining methods to detect simulated intrusions on a modbus network. In: 2017 IEEE 7th international symposium on cloud and service computing (SC2). IEEE, pp 143–148

  13. Radoglou-Grammatikis P, Siniosoglou I, Liatifis T, Kourouniadis A, Rompolos K, Sarigiannidis P (2020) Implementation and detection of modbus cyberattacks. In: 2020 9th international conference on modern circuits and systems technologies (MOCAST). IEEE, pp 1–4

  14. El Safadi A, Flaus J-M (2018) A deep learning approach for intrusion detection system in industry network. In: The first international conference on big data and cybersecurity intelligence

  15. Siniosoglou I, Radoglou-Grammatikis P, Efstathopoulos G, Fouliras P, Sarigiannidis P (2021) A unified deep learning anomaly detection and classification approach for smart grid environments. IEEE Trans Netw Serv Manag 18(2):1137–1151

    Article  Google Scholar 

  16. Namasudra S, Crespo RG, Kumar S (2022) Introduction to the special section on advances of machine learning in cybersecurity (VSI-mlsec). Elsevier

  17. Jinhui W (2019) The current main distributed denial of service and defence methods. In: 2019 12th international conference on intelligent computation technology and automation (ITA), pp 351–355

  18. Sharafaldin I, Lashkari AH, Hakak S, Ghorbani AA (2019) Developing realistic distributed denial of service (ddos) attack dataset and taxonomy. In: 2019 international carnahan conference on security technology (ICCST). IEEE, pp 1–8

  19. Cil AE, Yildiz K, Buldu A (2021) Detection of ddos attacks with feed forward based deep neural network model. Expert Syst Appl 169:114520

    Article  Google Scholar 

  20. Elsayed MS, Le-Khac N-A, Dev S, Jurcut AD (2020) Ddosnet: A deep-learning model for detecting network attacks. In: 2020 IEEE 21st international symposium on “a world of wireless, mobile and multimedia networks”(WoWMoM). IEEE, pp 391–396

  21. ur Rehman S, Khaliq M, Imtiaz SI, Rasool A, Shafiq M, Javed AR, Jalil Z, Bashir AK (2021) Diddos: an approach for detection and identification of distributed denial of service (ddos) cyberattacks using gated recurrent units (gru). Futur Gener Comput Syst 118:453–466

    Article  Google Scholar 

  22. McNally B, Vasko F, Lu Y (2022) A simple methodology that efficiently generates all optimal spanning trees for the cable-trench problem. https://doi.org/10.47852/bonviewJCCE208918205514

  23. Chen Z (2022) Research on internet security situation awareness prediction technology based on improved rbf neural network algorithm. J Comput Cogn Eng

  24. Gohil M, Kumar S (2020) Evaluation of classification algorithms for distributed denial of service attack detection. In: 2020 IEEE 3rd international conference on artificial intelligence and knowledge engineering (AIKE). IEEE, pp 138–141

  25. Wani A, Khaliq R (2021) Sdn-based intrusion detection system for iot using deep learning classifier (idsiot-sdl). CAAI Trans Intell Technol 6(3):281–290

    Article  Google Scholar 

  26. Mahmood T, Ali Z (2022) Prioritized muirhead mean aggregation operators under the complex single-valued neutrosophic settings and their application in multi-attribute decision-making. J Comput Cogn Eng:56–73

  27. Pavithran P, Mathew S, Namasudra S, Singh A (2022) Enhancing randomness of the ciphertext generated by dna-based cryptosystem and finite state machine. Clust Comput:1–17

  28. Chakraborty A, Alam M, Dey V, Chattopadhyay A, Mukhopadhyay D (2021) A survey on adversarial attacks and defences. CAAI Trans Intell Technol 6(1):25–45

    Article  Google Scholar 

  29. Gutub A (2022) Boosting image watermarking authenticity spreading secrecy from counting-based secret-sharing. CAAI Trans Intell Technol

  30. Alamri HA, Thayananthan V (2020) Bandwidth control mechanism and extreme gradient boosting algorithm for protecting software-defined networks against ddos attacks. IEEE Access 8:194269–194288

    Article  Google Scholar 

  31. Parfenov D, Kuznetsova L, Yanishevskaya N, Bolodurina I, Zhigalov A, Legashev L (2020) Research application of ensemble machine learning methods to the problem of multiclass classification of ddos attacks identification. In: 2020 International Conference Engineering and Telecommunication (En&T). IEEE, pp 1–7

  32. Can D-C, Le H-Q, Ha Q-T (2021) Detection of distributed denial of service attacks using automatic feature selection with enhancement for imbalance dataset. In: Asian Conference on intelligent information and database systems. Springer, pp 386–398

  33. Varghese JE, Muniyal B (2021) An efficient ids framework for ddos attacks in sdn environment. IEEE Access 9:69680–69699

    Article  Google Scholar 

  34. Sanchez OR, Repello M, Carrega A, Bolla R (2021) Evaluating ml-based ddos detection with grid search hyperparameter optimization. In: 2021 IEEE 7th international conference on network softwarization (NetSoft). IEEE, pp 402–408

  35. Pontes CF, de Souza MM, Gondim JJ, Bishop M, Marotta MA (2021) A new method for flow-based network intrusion detection using the inverse potts model. IEEE Trans Netw Serv Manag 18(2):1125–1136

    Article  Google Scholar 

  36. Kshirsagar D, Kumar S (2021) A feature reduction based reflected and exploited ddos attacks detection system. J Ambient Intell Humanized Comput:1–13

  37. Wei Y, Jang-Jaccard J, Sabrina F, Singh A, Xu W, Camtepe S (2021) Ae-mlp: a hybrid deep learning approach for ddos detection and classification. IEEE Access 9:146810–146821

    Article  Google Scholar 

  38. Hussain F, Abbas SG, Husnain M, Fayyaz UU, Shahzad F, Shah GA (2020) IoT DoS and DDoS Attack Detection using ResNet. arXiv:2012.01971 [cs]. Accessed 2022 Sept 15

  39. Badamasi UM, Sharjeel Khaliq OB, Shafiu Musa TI (2020) A deep learning based approach for DDos attack detection in IoT-enabled smart environments. Int J Comput Netw Commun Secur

  40. Lashkari AH, Zang Y, Owhuo G, Mamun MSI, Gil GD (2017) CICFlowMeter. Github

    Google Scholar 

  41. Lin M, Chen Q, Yan S (2013) Network in network. arXiv:1312.4400

  42. Hochreiter S (1998) The vanishing gradient problem during learning recurrent neural nets and problem solutions. Int J Uncertain Fuzziness Knowl-Based Syst 6:107–116

    Article  Google Scholar 

  43. Qu H, Qin J, Liu W, Chen H (2017) Instruction detection in scada/modbus network based on machine learning. In: International conference on machine learning and intelligent communications. Springer, pp 437–454

  44. Hu Y, Zhang D, Cao G, Pan Q (2019) Network data analysis and anomaly detection using cnn technique for industrial control systems security. In: 2019 IEEE international conference on systems, man and cybernetics (SMC). IEEE, pp 593–597

  45. Mieden P, Beltman R (2020) Network anomaly detection in modbus tcp industrial control systems. Technical report, University of Amsterdam

  46. de Assis MV, Carvalho LF, Rodrigues JJ, Lloret J, Proença Jr ML (2020) Near real-time security system applied to sdn environments in iot networks using convolutional neural network. Comput Electr Eng 86:106738

  47. Sadaf K, Sultana J (2020) Intrusion detection based on autoencoder and isolation forest in fog computing. IEEE Access 8:167059–167068

    Article  Google Scholar 

  48. Singh Samom P, Taggu A (2021) Distributed denial of service (ddos) attacks detection: a machine learning approach. In: Thampi SM, Lloret Mauri J, Fernando X, Boppana R, Geetha S, Sikora A (eds) Applied soft computing and communication networks. Springer, pp 75–87

Download references

Funding

This study was supported in part by grants from the National Natural Science Foundation of China(no.62077024).

Author information

Authors and Affiliations

  1. National Engineering Laboratory for Educational Big Data, Faculty of Artificial Intelligence in Education, Central China Normal University, Wuhan, 430079, Hubei, China

    Hao Zhang, Yuandong Min, Sanya Liu, Hang Tong & Yaopeng Li

  2. Department of Game Design, Faculty of Arts, Uppsala University, Uppsala, Sweden

    Zhihan Lv

Authors
  1. Hao Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Yuandong Min
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Sanya Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Hang Tong
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Yaopeng Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Zhihan Lv
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Hao Zhang.

Ethics declarations

Ethics approval

No applicable.

Consent to participate

No applicable.

Consent for Publication

No applicable.

Competing interests

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

Additional information

Publisher’s Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Thanks to the support of the National Natural Science Foundation of China(no.62077024).

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Zhang, H., Min, Y., Liu, S. et al. Improve the Security of Industrial Control System: A Fine-Grained Classification Method for DoS Attacks on Modbus/TCP. Mobile Netw Appl 28, 839–852 (2023). https://doi.org/10.1007/s11036-023-02108-8

Download citation

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11036-023-02108-8

Keywords

Search

Navigation