A Modbus traffic generator for evaluating the security of SCADA systems

Rami Al-Dalky; Omar Abduljaleel; Khaled Salah; Hadi Otrok; Mahmoud Al-Qutayri

doi:10.1109/CSNDSP.2014.6923938

A Modbus traffic generator for evaluating the security of SCADA systems

Rami Al-Dalky
, Omar Abduljaleel
, Khaled Salah
, Hadi Otrok
, Mahmoud Al-Qutayri

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

27 Scopus citations

Abstract

Supervisory control and data acquisition (SCADA) systems are used to monitor and control several industrial functions such as: oil & gas, electricity, water, nuclear fusion, etc. Recently, the Internet connectivity to SCADA systems introduced new vulnerabilities to these systems and made it a target for immense amount of attacks. In the literature, several solutions have been developed to secure SCADA systems; however; the literature is lacking work directed at the development of tools to evaluate the effectiveness of such solutions. An essential requirement of such tools is the generation of normal and malicious SCADA traffic. In this paper, we present an automated tool to generate a malicious SCADA traffic to be used to evaluate such systems. We consider the traffic generation of the popular SCADA Modbus protocol. The characteristics of the generated traffic are derived from Snort network intrusion detection system (NIDS) Modbus rules. The tool uses Scapy to generate packets based on the extracted traffic features. We present the testing results for our tool. The tool is used to read a Snort rule file that contains Modbus rules to extract the required traffic features.

Original language	British English
Title of host publication	2014 9th International Symposium on Communication Systems, Networks and Digital Signal Processing, CSNDSP 2014
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	809-814
Number of pages	6
ISBN (Electronic)	9781479925810
DOIs	https://doi.org/10.1109/CSNDSP.2014.6923938
State	Published - 14 Oct 2014
Event	2014 9th International Symposium on Communication Systems, Networks and Digital Signal Processing, CSNDSP 2014 - Manchester, United Kingdom Duration: 23 Jul 2014 → 25 Jul 2014

Publication series

Name	2014 9th International Symposium on Communication Systems, Networks and Digital Signal Processing, CSNDSP 2014

Conference

Conference	2014 9th International Symposium on Communication Systems, Networks and Digital Signal Processing, CSNDSP 2014
Country/Territory	United Kingdom
City	Manchester
Period	23/07/14 → 25/07/14

Keywords

Modbus
Network security
SCADA System
Scapy
Snort

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Access to Document

10.1109/CSNDSP.2014.6923938

Cite this

Al-Dalky, R., Abduljaleel, O., Salah, K., Otrok, H., & Al-Qutayri, M. (2014). A Modbus traffic generator for evaluating the security of SCADA systems. In 2014 9th International Symposium on Communication Systems, Networks and Digital Signal Processing, CSNDSP 2014 (pp. 809-814). Article 6923938 (2014 9th International Symposium on Communication Systems, Networks and Digital Signal Processing, CSNDSP 2014). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/CSNDSP.2014.6923938

Al-Dalky, Rami ; Abduljaleel, Omar ; Salah, Khaled et al. / A Modbus traffic generator for evaluating the security of SCADA systems. 2014 9th International Symposium on Communication Systems, Networks and Digital Signal Processing, CSNDSP 2014. Institute of Electrical and Electronics Engineers Inc., 2014. pp. 809-814 (2014 9th International Symposium on Communication Systems, Networks and Digital Signal Processing, CSNDSP 2014).

@inproceedings{804c2dd76d0746979c0c73b22a99f209,

title = "A Modbus traffic generator for evaluating the security of SCADA systems",

abstract = "Supervisory control and data acquisition (SCADA) systems are used to monitor and control several industrial functions such as: oil \& gas, electricity, water, nuclear fusion, etc. Recently, the Internet connectivity to SCADA systems introduced new vulnerabilities to these systems and made it a target for immense amount of attacks. In the literature, several solutions have been developed to secure SCADA systems; however; the literature is lacking work directed at the development of tools to evaluate the effectiveness of such solutions. An essential requirement of such tools is the generation of normal and malicious SCADA traffic. In this paper, we present an automated tool to generate a malicious SCADA traffic to be used to evaluate such systems. We consider the traffic generation of the popular SCADA Modbus protocol. The characteristics of the generated traffic are derived from Snort network intrusion detection system (NIDS) Modbus rules. The tool uses Scapy to generate packets based on the extracted traffic features. We present the testing results for our tool. The tool is used to read a Snort rule file that contains Modbus rules to extract the required traffic features.",

keywords = "Modbus, Network security, SCADA System, Scapy, Snort",

author = "Rami Al-Dalky and Omar Abduljaleel and Khaled Salah and Hadi Otrok and Mahmoud Al-Qutayri",

note = "Publisher Copyright: {\textcopyright} 2014 IEEE.; 2014 9th International Symposium on Communication Systems, Networks and Digital Signal Processing, CSNDSP 2014 ; Conference date: 23-07-2014 Through 25-07-2014",

year = "2014",

month = oct,

day = "14",

doi = "10.1109/CSNDSP.2014.6923938",

language = "British English",

series = "2014 9th International Symposium on Communication Systems, Networks and Digital Signal Processing, CSNDSP 2014",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "809--814",

booktitle = "2014 9th International Symposium on Communication Systems, Networks and Digital Signal Processing, CSNDSP 2014",

address = "United States",

}

Al-Dalky, R, Abduljaleel, O, Salah, K , Otrok, H & Al-Qutayri, M 2014, A Modbus traffic generator for evaluating the security of SCADA systems. in 2014 9th International Symposium on Communication Systems, Networks and Digital Signal Processing, CSNDSP 2014., 6923938, 2014 9th International Symposium on Communication Systems, Networks and Digital Signal Processing, CSNDSP 2014, Institute of Electrical and Electronics Engineers Inc., pp. 809-814, 2014 9th International Symposium on Communication Systems, Networks and Digital Signal Processing, CSNDSP 2014, Manchester, United Kingdom, 23/07/14. https://doi.org/10.1109/CSNDSP.2014.6923938

A Modbus traffic generator for evaluating the security of SCADA systems. / Al-Dalky, Rami; Abduljaleel, Omar; Salah, Khaled et al.
2014 9th International Symposium on Communication Systems, Networks and Digital Signal Processing, CSNDSP 2014. Institute of Electrical and Electronics Engineers Inc., 2014. p. 809-814 6923938 (2014 9th International Symposium on Communication Systems, Networks and Digital Signal Processing, CSNDSP 2014).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - A Modbus traffic generator for evaluating the security of SCADA systems

AU - Al-Dalky, Rami

AU - Abduljaleel, Omar

AU - Salah, Khaled

AU - Otrok, Hadi

AU - Al-Qutayri, Mahmoud

PY - 2014/10/14

Y1 - 2014/10/14

N2 - Supervisory control and data acquisition (SCADA) systems are used to monitor and control several industrial functions such as: oil & gas, electricity, water, nuclear fusion, etc. Recently, the Internet connectivity to SCADA systems introduced new vulnerabilities to these systems and made it a target for immense amount of attacks. In the literature, several solutions have been developed to secure SCADA systems; however; the literature is lacking work directed at the development of tools to evaluate the effectiveness of such solutions. An essential requirement of such tools is the generation of normal and malicious SCADA traffic. In this paper, we present an automated tool to generate a malicious SCADA traffic to be used to evaluate such systems. We consider the traffic generation of the popular SCADA Modbus protocol. The characteristics of the generated traffic are derived from Snort network intrusion detection system (NIDS) Modbus rules. The tool uses Scapy to generate packets based on the extracted traffic features. We present the testing results for our tool. The tool is used to read a Snort rule file that contains Modbus rules to extract the required traffic features.

AB - Supervisory control and data acquisition (SCADA) systems are used to monitor and control several industrial functions such as: oil & gas, electricity, water, nuclear fusion, etc. Recently, the Internet connectivity to SCADA systems introduced new vulnerabilities to these systems and made it a target for immense amount of attacks. In the literature, several solutions have been developed to secure SCADA systems; however; the literature is lacking work directed at the development of tools to evaluate the effectiveness of such solutions. An essential requirement of such tools is the generation of normal and malicious SCADA traffic. In this paper, we present an automated tool to generate a malicious SCADA traffic to be used to evaluate such systems. We consider the traffic generation of the popular SCADA Modbus protocol. The characteristics of the generated traffic are derived from Snort network intrusion detection system (NIDS) Modbus rules. The tool uses Scapy to generate packets based on the extracted traffic features. We present the testing results for our tool. The tool is used to read a Snort rule file that contains Modbus rules to extract the required traffic features.

KW - Modbus

KW - Network security

KW - SCADA System

KW - Scapy

KW - Snort

UR - https://www.scopus.com/pages/publications/84910620227

U2 - 10.1109/CSNDSP.2014.6923938

DO - 10.1109/CSNDSP.2014.6923938

M3 - Conference contribution

AN - SCOPUS:84910620227

T3 - 2014 9th International Symposium on Communication Systems, Networks and Digital Signal Processing, CSNDSP 2014

SP - 809

EP - 814

BT - 2014 9th International Symposium on Communication Systems, Networks and Digital Signal Processing, CSNDSP 2014

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 2014 9th International Symposium on Communication Systems, Networks and Digital Signal Processing, CSNDSP 2014

Y2 - 23 July 2014 through 25 July 2014

ER -

Al-Dalky R, Abduljaleel O, Salah K , Otrok H , Al-Qutayri M. A Modbus traffic generator for evaluating the security of SCADA systems. In 2014 9th International Symposium on Communication Systems, Networks and Digital Signal Processing, CSNDSP 2014. Institute of Electrical and Electronics Engineers Inc. 2014. p. 809-814. 6923938. (2014 9th International Symposium on Communication Systems, Networks and Digital Signal Processing, CSNDSP 2014). doi: 10.1109/CSNDSP.2014.6923938

A Modbus traffic generator for evaluating the security of SCADA systems

Abstract

Publication series

Conference

Keywords

UN SDGs

Access to Document

Other files and links

Fingerprint

Cite this