Fig 1 - uploaded by Erdal Irmak
Content may be subject to copyright.
Example Modbus/TCP Shodan Query
Context in source publication
Context 1
... information such as the port number or banner information of the relevant ICS device or the service where the communication protocol is running can be important. Figure 1 shows a sample Shodan query result. In this query, the Modbus/TCP query, which is the ICS communication protocol, has been made. ...
Citations
... Such solutions boost automation in contemporary, Internet of Things (IoT)-enabled industrial processes, by supervising, monitoring, and controlling the manufacturing procedures [4] [5]. Nowadays, an ever-increasing amount of industries are utilizing ICS/SCADA solutions for automation, with this phenomenon being especially highlighted in the energy sector [6] [7]. However, as the applications of intelligent monitoring systems increase, the attack surface against such critical infrastructures (CI) expands simultaneously [8] [9] [10]. ...
The highly beneficial contribution of intelligent systems in the industrial domain is undeniable. Automation, supervision, remote control, and fault reduction are some of the various advantages new technologies offer. A protocol demonstrating high utility in industrial settings, and specifically, in smart grids, is Distributed Network Protocol 3 (DNP3), a multi-tier, application layer protocol. Notably, multiple industrial protocols are not as securely designed as expected, considering the highly critical operations occurring in their application domain. In this paper, we explore the internal vulnerabilities-by-design of DNP3, and proceed with the implementation of the attacks discovered, demonstrated through 8 DNP3 attack scenarios. Finally, we design and demonstrate a Deep Neural Network (DNN)-based, multi-model Intrusion Detection Systems (IDS), trained with our experimental network flow cyberattack dataset, and compare our solution with multiple machine learning algorithms used for classification. Our solution demonstrates a high efficiency in the classification of DNP3 cyberattacks, showing an accuracy of 99.0%.