SwRI Develops Cyber Security Intrusion Detection

Test network design

image: SwRI designed an industrial network to detect cyberattacks from a malicious computer. The network used the Modbus/TCP protocol to transfer data packets between input/output (I/O) devices and programmable logic controllers (PLCs) connected through an Ethernet switch.

Credit: Southwest Research Institute

SAN ANTONIO — May 2, 2022 — Southwest Research Institute has developed technology to help government and industry detect cyber threats to industrial networks used in critical infrastructure and manufacturing systems. SwRI funded research to address emerging cyber threats in the rapidly evolving ecosystem for industrial automation.

The team used algorithms to search for cyber threats via network protocols that transmit industrial control data for everything from natural gas pipelines to manufacturing robots. The research led to the development of an intrusion detection system (IDS) for industrial control systems (ICS).

“Historically, industrial control systems were not designed with security in mind,” said Ian R. Meinzen, an intelligent machine engineer at SwRI who worked on the project. “They had the benefit of an ‘air gap’ where they could operate safely without a connection to IT networks.”

However, disconnecting industrial networks from information technology (IT) networks is no longer an option for modern automation systems that rely on the Internet of Things (IoT) to transmit large amounts of data. IoT describes the network of physical objects embedded with sensors and software to connect and exchange data with other devices and systems through communications networks over the Internet.

“Connecting IoT devices and other hardware exposes industrial networks to security vulnerabilities,” said Peter Moldenhauer, a computer scientist at SwRI specializing in cybersecurity. “Attacks can occur through an IoT device or even outdated software and network protocols.”

The SwRI team focused this research on the analysis of cyber attacks through the Modbus/TCP protocol. Utilities and industry have used this Ethernet-based network protocol for decades in Supervisory Control and Data Acquisition (SCADA) system equipment.

SwRI researchers originally developed the algorithms for scanning Controller Area Network (CAN) bus networks used in automotive hardware. They customized cybersecurity algorithms to scan a simulated network equipped with industrial devices before testing the new algorithms on a real-world industrial network. The test system used the Modbus/TCP protocol to send data packets over a network. The network featured an Ethernet switch that connected personal computers, programmable logic controllers (PLCs), and input/output (I/O) modules. Such industrial computing devices send commands and record data for automated robots and mechanized equipment.

“We had to customize the previous algorithms to recognize the different ways the Modbus/TCP protocol grouped data packets into sequences and time signatures,” said Jonathan Esquivel, a computer scientist at SwRI.

Newly developed algorithms applied to the test network recognized normal Modbus/TCP traffic and identified cyberattack vectors such as out-of-band timing, address polling, and data manipulation/fuzzing. The algorithms classify the data packets as “regular” if they come from an uncompromised industrial control device or “attack” if the source is an unexpected or compromised device.
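An added example, not SwRI's code or algorithms: a baseline check that labels Modbus/TCP requests "regular" or "attack" by source, learned address map and polling interval. The `Baseline` class, the IP addresses, the period and the tolerance are assumptions, and all frames are constructed samples.

```python
# Added illustration; names, addresses and thresholds are assumptions.
import struct

def parse_request(adu):
    """Return (function code, start address, quantity) from a Modbus/TCP request."""
    if len(adu) < 12:
        raise ValueError("truncated frame")
    _tid, proto, length, _unit = struct.unpack(">HHHB", adu[:7])  # MBAP header
    if proto != 0 or length != len(adu) - 6:
        raise ValueError("inconsistent MBAP header")
    return struct.unpack(">BHH", adu[7:12])

class Baseline:
    def __init__(self, period, tolerance):
        self.period, self.tolerance = period, tolerance
        self.allowed = {}    # source IP -> {(func, addr, qty)} seen in training
        self.last_seen = {}  # source IP -> timestamp of previous valid request

    def learn(self, src, adu):
        self.allowed.setdefault(src, set()).add(parse_request(adu))

    def classify(self, ts, src, adu):
        """Return (label, reason) with label "regular" or "attack"."""
        if src not in self.allowed:
            return "attack", "unexpected source"
        try:
            req = parse_request(adu)
        except ValueError as exc:
            return "attack", f"malformed frame: {exc}"
        if req not in self.allowed[src]:
            return "attack", "request outside learned address map"
        prev, self.last_seen[src] = self.last_seen.get(src), ts
        if prev is not None and abs((ts - prev) - self.period) > self.tolerance:
            return "attack", "out-of-band timing"
        return "regular", "matches baseline"

def read_holding(tid, addr, qty, unit=1):
    """Build a constructed Read Holding Registers (0x03) request frame."""
    return struct.pack(">HHHBBHH", tid, 0, 6, unit, 3, addr, qty)

if __name__ == "__main__":
    ids = Baseline(period=1.0, tolerance=0.1)
    ids.learn("10.0.0.10", read_holding(0, 0, 10))  # constructed training frame
    stream = [(0.0, "10.0.0.10", read_holding(1, 0, 10)),    # normal poll
              (0.3, "10.0.0.10", read_holding(2, 0, 10)),    # off-schedule
              (2.0, "10.0.0.99", read_holding(3, 0, 10)),    # unknown device
              (3.0, "10.0.0.10", read_holding(4, 100, 10))]  # address sweep
    for ts, src, adu in stream:
        print(ts, src, *ids.classify(ts, src, adu))
```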

The research team included experts from SwRI's Department of Critical Systems, which specializes in embedded systems and cybersecurity, and the Institute’s Department of Manufacturing Technologies, which specializes in software and hardware integration for robotics and industrial automation.

“Business trends and new technologies, fueled in part by a pandemic push toward automation, are revealing more cyber vulnerabilities in industrial systems,” said Dr. Steven Dellenback, Vice President of SwRI's Intelligent Systems Division. “We are proud to support government and industry with multidisciplinary expertise in cybersecurity and automation technologies.”

For more information, visit https://www.swri.org/industries/cyber-security-services and https://www.swri.org/industries/industrial-robotics-automation.

Disclaimer: AAAS and EurekAlert! are not responsible for the accuracy of the press releases published on EurekAlert! by contributing institutions or for the use of any information through the EurekAlert system.
