基于功能码深度检测的Modbus/TCP通信访问控制方法

Modbus/TCP Communication Control Method Based on Deep Function Code Inspection

  • 摘要: 针对目前工业控制系统中Modbus/TCP通信协议面临的安全问题,提出了一种基于功能码深度检测的Modbus/TCP通信访问控制方法.该方法基于深度包解析DPI(deep packet inspection)技术,将Modbus/TCP通信数据按功能码分类进行深度解析,不仅实现了传统的功能码、 地址范围的检测,同时还实现了寄存器或线圈的域值检测.研究表明,通过采用“白名单”的访问控制模式,该方法能够有效地隔离非法的Modbus/TCP通信数据流,保障工控设备的安全性.

     

    Abstract: In order to resolve the security problem in Modbus/TCP protocol, we propose a Modbus/TCP communication control method based on deep function code inspection. By using the DPI (deep packet inspection) technology, the method deeply analyses the Modbus/TCP packets according to the different function codes. It can check not only the ordinary function codes and addresses, but also the values of registers or coils. In particular, our research results show that, by using the whitelist mode, the method can filter the malicious Modbus/TCP packets effectively, and can provide the security for the industry control devices.

     

/

返回文章
返回