Clustering-Based Self-learning Approach for Security Rules in Industrial Communication Protocol
2017
Modbus/TCP, a widely used industrial communication protocol, has serious security flaws because of its openness and simplicity, and developing security mechanisms for Modbus/TCP is an active research topic. However, setting rules manually for these security mechanisms is an onerous task. In this paper, we propose a clustering-based self-learning approach for security rules to facilitate rule setting when carrying out Modbus/TCP defense. Our approach analyzes the address information from Modbus/TCP packets in depth, and automatically learns the address range settings in the white-listing rules by using the K-means algorithm. Our experimental results show that the proposed approach is practical and effective for generating white-listing rules for Modbus/TCP.
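The idea summarized in the abstract, as an added example that is not the paper's own code: start addresses from captured Modbus/TCP requests are grouped with a one-dimensional K-means, and each cluster becomes one white-list address range per function code. The function names, the choice of k, the evenly spread initial centroids and the sample frames are all assumptions made for illustration.

```python
import struct
from collections import defaultdict

def build_read(fc, start, qty, tid=1, unit=1):  # helper for constructed sample frames
    return struct.pack(">HHHBBHH", tid, 0, 6, unit, fc, start, qty)

def parse_request(frame: bytes):
    """Return (function_code, start_address, quantity) of a Modbus/TCP request."""
    # MBAP header: transaction id, protocol id (0), length, unit id; the PDU follows.
    if len(frame) < 12 or struct.unpack(">HHHB", frame[:7])[1:3] != (0, len(frame) - 6):
        raise ValueError("not a well-formed Modbus/TCP frame")
    fc = frame[7]
    if fc not in (1, 2, 3, 4, 15, 16):  # requests carrying start address + quantity
        raise ValueError("function code has no address range")
    start, qty = struct.unpack(">HH", frame[8:12])
    return fc, start, qty

def kmeans_1d(values, k, iters=50):
    """Cluster integers on a line; returns the non-empty clusters in ascending order."""
    pts = sorted(values)
    # Assumption: deterministic start, centroids spread evenly over the sorted samples.
    cents = [pts[(2 * i + 1) * len(pts) // (2 * k)] for i in range(k)]
    for _ in range(iters):
        groups = [[] for _ in range(k)]
        for p in pts:
            groups[min(range(k), key=lambda i: abs(p - cents[i]))].append(p)
        new = [sum(g) / len(g) if g else cents[i] for i, g in enumerate(groups)]
        if new == cents:
            break
        cents = new
    return [g for g in groups if g]

def learn_whitelist(frames, k):
    """Learn (function_code, first_address, last_address) rules from benign traffic."""
    by_fc = defaultdict(dict)  # fc -> {start address: highest last address seen}
    for f in frames:
        fc, start, qty = parse_request(f)
        by_fc[fc][start] = max(by_fc[fc].get(start, 0), start + qty - 1)
    rules = []
    for fc, ends in sorted(by_fc.items()):
        for cluster in kmeans_1d(list(ends), min(k, len(ends))):
            rules.append((fc, min(cluster), max(ends[s] for s in cluster)))
    return rules

def allowed(rules, frame):
    fc, start, qty = parse_request(frame)
    return any(fc == r[0] and r[1] <= start and start + qty - 1 <= r[2] for r in rules)

# Constructed sample: a "learning phase" capture touching two register blocks.
SAMPLE = [build_read(3, s, 2) for s in (0, 2, 4, 10)] + \
         [build_read(3, s, 4) for s in (1000, 1004, 1010)]
RULES = learn_whitelist(SAMPLE, k=2)
```

A request is accepted only when its whole span, from the start address through start plus quantity minus one, falls inside a learned range for the same function code, so a read that begins inside a range but runs past its end is rejected.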