A new Detection Approach against attack/intrusion in Measurement and Control System with Fins protocol

Measurement and control system integrating different software and hardware is used to measure parameters, monitor process and control operation, which has been widely applied in critical infrastructures and has adopted Ethernet for data exchange. The recent publications have indicated that measurement and control systems are very vulnerable when they are exposed to cyber-attacks due to various intrinsic security weakness. Fins protocol as one of the most popular protocols is built into a larger number of Ormon devices that are used in different kinds of measurement, and control systems and has been targeted as the desirable candidate for cyber-attack. However, the traditional detection method based on traffic analysis and function code compliance detection is unable to detect mode-switching attack that is consistent with the protocol syntax, and it is a very harmful network attack against industrial devices. In this paper, we analyze the defects of measurement and control system using Fins protocol, launch mode-switching attack against Ormon PLC devices and display how to defend against this attack by designing a detection rules insert into Snort. Then, this detection approach is carried out to protect the security of Ormon PLC. Finally, the experimental results show that our detection approach can distinguish and detect this malicious cyber-attack efficiently.