Anomaly Detection Approach based on Function Code Traffic by Using CUSUM Algorithm
- DOI
- 10.2991/nceece-15.2016.270
- Keywords
- Anomaly detection; Modbus/TCP; Function code traffic; Cumulative sum
- Abstract
There is an increasing consensus that the security issues in today's industrial control systems must be resolved. With this in mind, this paper proposes an anomaly detection approach based on function code traffic to detect abnormal Modbus/TCP communication behaviors efficiently. The approach analyzes Modbus/TCP communication packets in depth and extracts the function code from each packet. It then applies the Cumulative Sum (CUSUM) algorithm to the function code traffic for change point detection, and generates an alarm when the traffic changes. Our simulation results show that the proposed approach is practical and effective at providing security for industrial control systems. We also discuss some advantages and drawbacks of using this approach.
- Copyright
- © 2016, the Authors. Published by Atlantis Press.
- Open Access
- This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).
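The pipeline the abstract describes (extract the function code from each Modbus/TCP packet, track its traffic per time window, run CUSUM for change point detection) can be sketched as follows. This is an added example, not the authors' code: the standardised one-sided CUSUM, the parameters `k` and `h`, the training length, the reset after an alarm and the constructed sample frames are all assumptions, since the abstract does not give them.

```python
import struct
from collections import Counter

def function_code(adu: bytes):
    """Return the function code of a Modbus/TCP ADU, or None if malformed."""
    if len(adu) < 8:                      # 7-byte MBAP header + function code
        return None
    _tid, proto, length, _unit = struct.unpack(">HHHB", adu[:7])
    if proto != 0 or length < 2:          # protocol id 0 = Modbus
        return None
    return adu[7]

def window_counts(windows, code):
    """Per-window number of frames carrying `code` (window = list of ADUs)."""
    return [Counter(function_code(a) for a in w)[code] for w in windows]

def cusum_alarms(counts, train, k=0.5, h=5.0):
    """One-sided CUSUM on standardised counts; returns alarming window indexes.

    Assumed parameters: baseline from the first `train` windows, slack k,
    threshold h, statistic restarted after each alarm.
    """
    base = counts[:train]
    mu = sum(base) / len(base)
    sigma = (sum((c - mu) ** 2 for c in base) / len(base)) ** 0.5 or 1.0
    s, alarms = 0.0, []
    for i, c in enumerate(counts[train:], start=train):
        s = max(0.0, s + (c - mu) / sigma - k)   # S_n = max(0, S_{n-1} + z_n - k)
        if s > h:
            alarms.append(i)
            s = 0.0
    return alarms

def adu(tid, fc, data=b"\x00\x00\x00\x01"):
    """Build a constructed Modbus/TCP frame for the sample data (unit id 1)."""
    pdu = bytes([fc]) + data
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, 1) + pdu

def sample_windows():
    """Constructed traffic: 10 baseline windows, then 4 with extra FC 6 writes."""
    normal = [[adu(i, 3)] * 5 + [adu(i, 6)] * (1 + i % 2) for i in range(10)]
    burst = [[adu(i, 3)] * 5 + [adu(i, 6)] * 4 for i in range(10, 14)]
    return normal + burst

if __name__ == "__main__":
    w = sample_windows()
    print("FC 6 alarms:", cusum_alarms(window_counts(w, 6), train=10))
    print("FC 3 alarms:", cusum_alarms(window_counts(w, 3), train=10))
```

Running one CUSUM statistic per function code keeps a rise in write traffic from being masked by steady read polling.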
Cite this article
TY - CONF
AU - Ming Wan
AU - Wenli Shang
AU - Peng Zeng
PY - 2015/12
DA - 2015/12
TI - Anomaly Detection Approach based on Function Code Traffic by Using CUSUM Algorithm
BT - Proceedings of the 2015 4th National Conference on Electrical, Electronics and Computer Engineering
PB - Atlantis Press
SP - 1506
EP - 1511
SN - 2352-5401
UR - https://doi.org/10.2991/nceece-15.2016.270
DO - 10.2991/nceece-15.2016.270
ID - Wan2015/12
ER -