Towards an In-depth Understanding of Deep Packet Inspection Using a Suite of Industrial Control Systems Protocol Packets

Abstract

Industrial control systems (ICS) are increasingly at risk and vulnerable to internal and external threats. These systems are integral part of our nation’s critical infrastructures. Consequently, a successful cyberattack on one of these could present disastrous consequences to human life and property as well. It is imperative that cybersecurity professionals gain a good understanding of these systems particularly in the area of communication protocols. Traditional Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) are made to encapsulate some of these ICS protocols which may enable malicious payload to get through the network firewall and thus, gain entry into the network. This paper describes technical details on various ICS protocols and a suite of ICS protocol packets for the purpose of providing digital forensic materials for laboratory exercises toward a better understanding of the inner workings of ICS communications. Further, these artifacts can be useful in devising deep packet inspection (DPI) strategies that can be implemented in network firewalls, in expanding challenge materials for cyber competitions, and in attribution, vulnerability assessment, and penetration testing research in ICS security. We also present software tools that are available for free download on the Internet that could be used to generate simulated ICS and Supervisory Control and Data Acquisition (SCADA) communication packets for research and pedagogical purposes. Finally, we conclude the paper by presenting possible research avenues that can be pursued as extensions to this seminal work on ICS security. Prominent among these possible extensions is the expansion of the ICS packet suite to include those protocols in the wireless domain such as Wi-Fi (802.11), Bluetooth, Zigbee, and other protocols that utilizes proprietary Radio Frequency

    Similar works