Vulnerability of Industrial Control Systems

Defence Possibilities Against Attacks over Modbus Protocol

doi: 10.32567/hm.2025.1.4

Abstract

For decades, PLCs and SCADA systems have been enhancing the efficiency of industrial systems by enabling their control in a way that is easily programmable and monitorable. Today, these tools are indispensable and present in every industrial facility, whether it be a manufacturing plant, a power generation unit or a traffic control system. With technological advancements, the networking of these systems has become possible, further increasing their efficiency. However, this has also heightened their exposure to cyberattacks. Given that many elements of critical infrastructure rely on these devices, it is crucial to emphasise their resilience against attacks. In our study, we examine the typical attack points and the efforts to protect against them. Our goal is to provide a comprehensive overview of the causes of vulnerabilities and of potential defence solutions. Furthermore, we aim to present the AI-based defensive solution that we implemented, which can provide protection and predictive maintenance for industrial systems.

Keywords:

PLC; SCADA; cyber-attack; critical infrastructure; AI

How to Cite

Farkas, G., & Fazekas, G. (2025). Vulnerability of Industrial Control Systems: Defence Possibilities Against Attacks over Modbus Protocol. Military Engineer, 20(1), 73–85. https://doi.org/10.32567/hm.2025.1.4
