TL;DR: It is believed that model-based monitoring, which has the potential for detecting unknown attacks, is more feasible for control networks than for general enterprise networks.
Abstract: In a model-based intrusion detection approach for protecting SCADA networks, we construct models that characterize the expected/acceptable behavior of the system, and detect attacks that cause violations of these models. Process control networks tend to have static topologies, regular traffic patterns, and a limited number of applications and protocols running on them. Thus, we believe that model-based monitoring, which has the potential for detecting unknown attacks, is more feasible for control networks than for general enterprise networks. To this end, we describe three model-based techniques that we have developed and a prototype implementation of them for monitoring Modbus TCP networks.
TL;DR: A model-based intrusion detection system designed specifically for Modbus/TCP networks that successfully flagged real anomalies that were caused by technicians who were troubleshooting the HMI system and helped identify a PLC that was configured incorrectly.
TL;DR: The principal attacks on the Modbus Serial and Modbus TCP protocols are described and the corresponding attack taxonomies are presented to facilitate formal risk analysis efforts by clarifying the nature and scope of the security threats on Modbus control systems and networks.
TL;DR: Four data sets are described, which include network traffic, process control and process measurement features from a set of 28 attacks against two laboratory-scale industrial control systems that use the MODBUS application layer protocol, which enable effective comparisons of intrusion detection solutions for SCADA systems.
Abstract: Supervisory control and data acquisition (SCADA) systems monitor and control physical processes associated with the critical infrastructure. Weaknesses in the application layer protocols, however, leave SCADA networks vulnerable to attack. In response, cyber security researchers have developed myriad intrusion detection systems. Researchers primarily rely on unique threat models and the corresponding network traffic data sets to train and validate their intrusion detection systems. This leads to a situation in which researchers cannot independently verify the results, cannot compare the effectiveness of different intrusion detection systems, and cannot adequately validate the ability of intrusion detection systems to detect various classes of attacks. Indeed, a common data set is needed that can be used by researchers to compare intrusion detection approaches and implementations. This paper describes four data sets, which include network traffic, process control and process measurement features from a set of 28 attacks against two laboratory-scale industrial control systems that use the MODBUS application layer protocol. The data sets, which are freely available, enable effective comparisons of intrusion detection solutions for SCADA systems.
TL;DR: In this article, the authors describe a power management control system consisting of a computer having standard RS485 interface cards and adapters installed in its I/O slots defining multiple industry standard Modbus RTU networks.
Abstract: The power management control system comprises a computer having standard RS485 interface cards and adapters installed in its I/O slots defining multiple industry standard Modbus RTU networks. The computer contains software for monitoring and controlling selected aspects of power usage/consumption, as described in more detail hereinafter. The Modbus RTU protocol is a well-known industry standard. Devices with a Modbus RTU interface can be connected directly to the Modbus, and other devices which communicate on the Commnet protocol require a Modbus concentrator. The Modbus concentrator provides an interface between the Modbus RTU protocol and the Commnet protocol, whereby these other devices can communicate through the Modbus concentrator over the Modbus. Alternatively, standard Ethernet interface cards and adapters are installed in the computer's I/O slots defining multiple standard Ethernet TCP/IP networks. The Ethernet TCP/IP protocol is a well-known standard, which would allow a user of the power management control system of the present invention to use its existing LAN. Ethernet gateways are connected to the Ethernet TCP/IP networks to provide an interface between the Ethernet TCP/IP protocol and the Modbus RTU protocol.