Control variable classification, modeling and anomaly detection in Modbus/TCP SCADA systems
This paper describes a novel domain-aware anomaly detection system that detects irregular
changes in Modbus/TCP SCADA control register values. The research discovered the
presence of three classes of registers:(i) sensor registers;(ii) counter registers; and (iii)
constant registers. An automatic classifier was developed to identify these classes.
Additionally, parameterized behavior models were created for each class. During its
learning phase, the anomaly detection system used the classifier to identify the different …
changes in Modbus/TCP SCADA control register values. The research discovered the
presence of three classes of registers:(i) sensor registers;(ii) counter registers; and (iii)
constant registers. An automatic classifier was developed to identify these classes.
Additionally, parameterized behavior models were created for each class. During its
learning phase, the anomaly detection system used the classifier to identify the different …
