基于区域/边界规则的Modbus TCP通讯安全防御模型

To solve the problem that it is difficult to detect the intrusion of advanced industrial virus into the industrial control system, design flaws of Modbus TCP were analyzed, and a method was proposed, through which the Modbus TCP packet was deeply parsed to deal with the threat from the application layer. Furthermore, a normal method describing the security rule was proposed and a Modbus TCP communication protection method in the industrial control system or SCADA system that combining the IDS rule with “white-list” was designed, which defined what was necessary between different zones, thus the possibility of being attacked was diminished, while in the meantime a suspicious but probable legal packet would trigger an alarm. The simulation experiments validate the effectiveness of the proposed method.