Towards an In-depth Understanding of Deep Packet Inspection Using a Suite of Industrial Control Systems Protocol Packets

Towards an In-depth Understanding of Deep Packet Inspection Using a Suite of Industrial Control Systems Protocol Packets

Industrial control systems (ICS) are increasingly at risk and vulnerable to internal and external threats. These systems are integral part of our nation’s critical infrastructures. Consequently, a successful cyberattack on one of these could present disastrous consequences to human life and property as well. It is imperative that cybersecurity professionals gain a good understanding of these systems particularly in the area of communication protocols. Traditional Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) are made to encapsulate some of these ICS protocols which may enable malicious payload to get through the network firewall and thus, gain entry into the network. This paper describes technical details on various ICS protocols and a suite of ICS protocol packets for the purpose of providing digital forensic materials for laboratory exercises toward a better understanding of the inner workings of ICS communications. Further, these artifacts can be useful in devising deep packet inspection (DPI) strategies that can be implemented in network firewalls, in expanding challenge materials for cyber competitions, and in attribution, vulnerability assessment, and penetration testing research in ICS security.