Packet Analysis and Information Theory on Attack Detection for Modbus TCP

Cyber attacks on control system communication are increasing. In information systems, a lot of security counter-measure focusing on the distribution of communication packets has been studied so far. Such attack detection methods evaluate normal and abnormal packets based on the likelihood and the relative entropy. Whether the methods for information systems are also effective for control systems is another question. Then, this paper conducts attack detection experiments based on the likelihood and the relative entropy of DoS and spoofing attacks on Modbus TCP communication used in industrial control systems.