| Software-defined data flow detection and control approach for industrial modbus/TCP communication | |
Zhang, Zhongshui1; Zhao JM(赵剑明)5 ; Wang ZW(王照伟)5; Jing, Yuan2; Song Y(宋岩)3,5; Wan M(万明)2,5
| |
| 2019 | |
| 会议日期 | June 29-30, 2018 |
| 会议地点 | HongKong, China |
| 关键词 | Modbus/TCP SDN Flow detection and control Cyber security |
| 页码 | 722-729 |
| 英文摘要 | There is an increasing consensus that software-defined networking may become a successful case to provide fine scalability and availability for industrial Internet, and it also brings new opportunities for the development of industrial cyber security. Aligning with the defense in depth strategy, this paper proposes a software-defined data flow detection and control approach for industrial Modbus/TCP communication. Furthermore, this approach designs a novel security strategy configuration service in SDN controllers to publish the flow control rules, and SDN switches match Modbus/TCP data flows with these flow control rules to detect and control abnormal communication behaviors. Specifically, a flow control rule database which stores all flow control rules of the entire control system is managed by SDN controllers, and a security flow table is maintained by each SDN switch according to different requirements of industrial communication. By using the DPI (Deep Packet Inspection) technology, this approach can run a deep analysis of Modbus/TCP packets according to the protocol specification, and block the improper control commands or undesired technology parameters. The qualitative analysis shows that the proposed approach possesses certain advantages and feasibilities. |
| 产权排序 | 1 |
| 会议录 | Advances in Intelligent, Interactive Systems and Applications - Proceedings of the 3rd International Conference on Intelligent, Interactive Systems and Applications IISA2018
 |
| 会议录出版者 | Springer Verlag |
| 会议录出版地 | Berlin |
| 语种 | 英语 |
| ISSN号 | 2194-5357 |
| ISBN号 | 978-3-030-02803-9 |
| 内容类型 | 会议论文 |
| 源URL | [http://ir.sia.cn/handle/173321/24163]  |
| 专题 | 沈阳自动化研究所_工业控制网络与系统研究室 |
| 通讯作者 | Wan M(万明) |
| 作者单位 | 1.Shenyang Institute of Automation Chinese Academy of Sciences, Shenyang 110016, China 2.School of Information, Liaoning University, Shenyang 110036, China 3.School of Physics, Liaoning University, Shenyang 4.CNGC North Automatic Control Technology Institute, Taiyuan 030006, China 5.110036, China |
| 推荐引用方式 GB/T 7714 | Zhang, Zhongshui,Zhao JM,Wang ZW,et al. Software-defined data flow detection and control approach for industrial modbus/TCP communication[C]. 见:. HongKong, China. June 29-30, 2018. |
| 个性服务 |
| 查看访问统计 |
| 相关权益政策 |
| 暂无数据 |
| 收藏/分享 |
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。
修改评论