Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Analysis of parser specification languages for the network intrusion detection in industrial systems

: Bhardwaj, Shubham
: Khondoker, Rahamatullah; Waidner, Michael

Darmstadt, 2017, 68 S.
Darmstadt, TU, Master Thesis, 2017
Master Thesis
Fraunhofer SIT ()
Industrial IDS; Industrie 4.0; Protocol Parsing; Modbus; Profinet; OPC UA; S7comm

The advent of the industrial automation due to the fourth industrial revolution (Industry 4.0) in industrial sectors is shifting the focus of industrial systems, such as PLC (Programmable Logic Controllers), distributed control systems (DCS), etc. inside a production network towards IoT (Internet of Things). In the production network, these industrial systems communicate with each other by exchanging the data packets. Due to this shift, the traditional industrial systems which were not connected to the internet are now transformed into smart factories, where these systems can communicate via the internet. However, making the industrial system online also imposes threats of being attacked by malware and viruses. Industrial automation needs security measures, such as IDS (Intrusion Detection System), to analyze the data packets in order to protect the industrial systems and production network from these threats in real-time. These data packets contain headers of industrial protocols, such as Modbus and Profinet. Present approaches to parse these data packets are quite expensive, error-prone, and functionality is limited to parse some specific protocols. Therefore, a new concept is required to parse these data packets efficiently in terms of parsing time. Furthermore, this new concept should also not limit the packet parsing to some specific protocols. In this work, an approach for developing parsers has been proposed, designed, implemented, and evaluated to parse the data packets. This approach is based on the P4, a DSL (domain specific language). P4 specifies the packet parsing by a network forwarding element, i.e., a switch. In the design process, P4 act as an interface between a software switch (forwarding element device) and a controller. Parsers for the following industrial protocols are developed: Modbus, Profinet, OPC UA, and S7comm. The evaluation of this thesis shows that the proposed approach is modular and scalable to parse low-level industrial protocols (Profinet) as well as application level protocols (Modbus). It has the capability to parse multiple industrial protocols by adding or exchanging header definitions (frame formats) with one another. The evaluation also shows that the time taken to parse the protocol is linear.