Clustering-Based Self-learning Approach for Security Rules in Industrial Communication Protocol

2017 
Modbus/TCP, a widely used industrial communication protocol, has serious security flaws because of its openness and simplicity, and developing security mechanisms for Modbus/TCP is an active research topic. However, setting rules manually for these security mechanisms is an onerous task. In this paper, we propose a clustering-based self-learning approach for security rules to facilitate rule setting when carrying out Modbus/TCP defense. Our approach analyzes the address information in Modbus/TCP packets in depth and automatically learns the address-range settings of the white-listing rules by using the K-means algorithm. Our experimental results show that the proposed approach is feasible and effective for generating white-listing rules for Modbus/TCP.
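
The idea in the abstract, sketched as an added example (not code from the paper): request frames are parsed for their function code and address span, the start addresses are clustered with a one-dimensional K-means, and each cluster becomes one allowed address range. The function names, the per-function-code grouping, the choice of k and the sample traffic are all assumptions made for illustration.

```python
# Added illustration: names and sample traffic are assumptions, not the paper's code.
import struct

def parse_request(frame):
    """Return (function_code, first_addr, last_addr) for a request, else None."""
    if len(frame) < 12:
        return None
    _tid, proto, length, _unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0 or length != len(frame) - 6:   # MBAP sanity checks
        return None
    fc, addr, val = struct.unpack(">BHH", frame[7:12])
    if fc in (1, 2, 3, 4, 15, 16):               # start address + quantity
        return (fc, addr, addr + val - 1) if val else None
    if fc in (5, 6):                             # single coil/register write
        return fc, addr, addr
    return None

def kmeans_spans(spans, k, iters=50):
    """1-D K-means over the start address of (first, last) spans."""
    spans = sorted(spans)
    k = min(k, len(spans))
    cents = [spans[(2 * i + 1) * len(spans) // (2 * k)][0] for i in range(k)]
    for _ in range(iters):
        groups = [[] for _ in range(k)]
        for s in spans:
            groups[min(range(k), key=lambda i: abs(s[0] - cents[i]))].append(s)
        new = [sum(s[0] for s in g) / len(g) if g else cents[i] for i, g in enumerate(groups)]
        if new == cents:
            break
        cents = new
    return [g for g in groups if g]

def learn_rules(frames, k=2):
    """Map each function code to its learned (low, high) address ranges."""
    seen = {}
    for fc, first, last in filter(None, map(parse_request, frames)):
        seen.setdefault(fc, []).append((first, last))
    return {fc: [(min(a for a, _ in g), max(b for _, b in g))
                 for g in kmeans_spans(s, k)] for fc, s in seen.items()}

def allowed(rules, frame):
    p = parse_request(frame)
    return bool(p) and any(lo <= p[1] and p[2] <= hi for lo, hi in rules.get(p[0], []))

def request(fc, addr, qty):  # builds a constructed 12-byte frame, unit id 1
    return struct.pack(">HHHBBHH", 1, 0, 6, 1, fc, addr, qty)

# Constructed training traffic: two register blocks polled with function code 3.
TRAINING = [request(3, a, 2) for a in (0, 2, 4, 8, 10)] + [request(3, a, 4) for a in (1000, 1002, 1010)]
RULES = learn_rules(TRAINING, k=2)
```

A request is accepted only when its whole address span falls inside one learned range for its function code, so function codes never seen in training are rejected by default.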