Research on DoS Attack Detection Method of Modbus TCP in OpenPLC  

作　　者：Tongxin Li Yong Wan Cunming Zou Yingjie Tian Lin Zhou Yiwen Zhu Tongxin Li;Yong Wan;Cunming Zou;Yingjie Tian;Lin Zhou;Yiwen Zhu(College of Science, Shanghai University of Electric Power, Shanghai, China;National Quality Supervision and Testing Center of Security Products for Network and Information Systems, The Third Research Institute of Ministry of Public Security, Shanghai, China;Power Big Data Center, State Grid Shanghai Municipal Electric Power Company Electric Power Research Institute, Shanghai, China;Shanghai Cloud Sword Information Technology Co., Ltd., Shanghai, China)

机构地区：[1]College of Science, Shanghai University of Electric Power, Shanghai, China [2]National Quality Supervision and Testing Center of Security Products for Network and Information Systems, The Third Research Institute of Ministry of Public Security, Shanghai, China [3]Power Big Data Center, State Grid Shanghai Municipal Electric Power Company Electric Power Research Institute, Shanghai, China [4]Shanghai Cloud Sword Information Technology Co., Ltd., Shanghai, China

出　　处：《Journal of Computer and Communications》2021年第7期73-90,共18页电脑和通信（英文）

摘　　要：With the development of new information technologies such as cloud computing, Internet of Things, and mobile Internet of Things, Industry 4.0, Smart Manufacturing and Made in China 2025 have been proposed as the main content of the development of the next industrial revolution. In order to realize these projects with the common characteristics of intelligence, service, and green, a new manufacturing model, digital twin, is proposed, which combines the digital twin with industrial systems, that is, the industrial control virtualization system. However, due to the frequent occurrence of industrial control system security incidents in recent years, the industrial control virtualization system is vulnerable to attacks. The industrial control system is huge and cumbersome. Once attacked, it will cause consequences that affect the whole body. In response to this problem, this article carried out a research on DoS attack detection methods for Modbus TCP in OpenPLC, using OpenPLC as a tool for industrial control system virtualization, building a digital twin system with Raspberry Pi, and launching DoS attacks on the system, combined with Snort Intrusion detection is carried out, and the experimental results show that the built digital twin system can detect DoS attacks in OpenPLC.With the development of new information technologies such as cloud computing, Internet of Things, and mobile Internet of Things, Industry 4.0, Smart Manufacturing and Made in China 2025 have been proposed as the main content of the development of the next industrial revolution. In order to realize these projects with the common characteristics of intelligence, service, and green, a new manufacturing model, digital twin, is proposed, which combines the digital twin with industrial systems, that is, the industrial control virtualization system. However, due to the frequent occurrence of industrial control system security incidents in recent years, the industrial control virtualization system is vulnerable to attacks. The industrial control system is huge and cumbersome. Once attacked, it will cause consequences that affect the whole body. In response to this problem, this article carried out a research on DoS attack detection methods for Modbus TCP in OpenPLC, using OpenPLC as a tool for industrial control system virtualization, building a digital twin system with Raspberry Pi, and launching DoS attacks on the system, combined with Snort Intrusion detection is carried out, and the experimental results show that the built digital twin system can detect DoS attacks in OpenPLC.

关 键 词：Digital Virtualization Communication Protocol Vulnerability OpenPLC SNORT 

分 类 号：TP3[自动化与计算机技术—计算机科学与技术]