We present a taxonomy and a comprehensive attack tree model for the Modbus/TCP protocol. The model includes Reconnaissance attacks, Man-In-The-Middle attacks, Denial of Service attacks, and Replay attacks. We develop a formal risk assessment model that integrates attack time, detection time, and plant hazard generation time. The attack tree model is used to implement a set of attacks on a CPS testbed. The experimental results are used to identify a set of features for attack detection as well as countermeasures. Several important insights and future research directions are identified for securing cyber-physical systems that use the Modbus/TCP protocol.

Authors: May Bashendy, Sohaila Eltanbouly, Ashraf Tantawy, Abdelkarim Erradi

Published in: World Congress on Industrial Control Systems Security (WCICSS-2020)

  • Date of Conference: 8-10 December 2020
  • DOI: 10.20533/WCICSS.2020.0005
  • ISBN: 978-1-913572-26-6
  • Conference Location: London, UK