Information Hiding Detection in Industrial Control Systems - Statistical Analysis in Modbus TCP/IP

Altschaffel, Robert; Dittmann, Jana; Lingk, Lennox

Home // SECURWARE 2024, The Eighteenth International Conference on Emerging Security Information, Systems and Technologies // View article

Information Hiding Detection in Industrial Control Systems - Statistical Analysis in Modbus TCP/IP

Authors:
Robert Altschaffel
Jana Dittmann
Lennox Lingk

Keywords: Communication; Steganography; Attribution.

Abstract:
Hidden Communication is a technique increasingly employed by advanced attackers. Attacks performed by such advanced attackers on Industrial Control Systems (ICS) also recently gained relevance. This paper aims at increasing the security of ICS against attacks employing hidden communication. The detection of hidden communication is a necessary foundation to prevent non-legitimate communication within a network – potentially one used within a critical infrastructure. Besides detection, the attribution of such an advanced attack is useful to enhance future security. As such, we explore means to detect hidden communication in ICS using statistical methods. We demonstrate an approach based on heuristic methods and show a proof of concept for the Modbus TCP/IP protocol including the sucessful evaluation with 37 network captures for ICS

Pages: 119 to 124

Copyright: Copyright (c) IARIA, 2024

Publication date: November 3, 2024

Published in: conference

ISSN: 2162-2116

ISBN: 978-1-68558-206-7

Location: Nice, France

Dates: from November 3, 2024 to November 7, 2024