Improve the Security of Industrial Control System: A Fine-Grained Classification Method for DoS Attacks on Modbus/TCP
2023 (English). In: Mobile Networks and Applications, ISSN 1383-469X, E-ISSN 1572-8153, Vol. 28, no 2, p. 839-852. Article in journal (Refereed), Published
Abstract [en]
With the rapid development of technology, more malicious traffic data brought negative influences on industrial areas. Modbus protocol plays a momentous role in the communications of Industrial Control Systems (ICS), but it’s vulnerable to Denial of Service attacks (DoS). Traditional detection methods cannot perform well on fine-grained detection tasks which could contribute to locating targets of attacks and preventing the destruction. Considering the temporal locality and high dimension of malicious traffic, this paper proposed a Neural Network architecture named MODLSTM, which consists of three parts: input preprocessing, feature recoding, and traffic classification. By virtue of the design, MODLSTM can form continuous stream semantics based on fragmented packets, discover potential low-dimensional features and finally classify traffic at a fine-grained level. To test the model’s performances, some experiments were conducted on industrial and public datasets, and the models achieved excellent performances in comparison with previous work (accuracy increased by 0.71% and 0.07% respectively). The results show that the proposed method has more satisfactory abilities to detect DoS attacks related to Modbus, compared with other works. It could help to build a reliable firewall to address a variety of malicious traffic in diverse situations, especially in industrial environments. © 2023, The Author(s), under exclusive licence to Springer Science+Business Media, LLC, part of Springer Nature.
Place, publisher, year, edition, pages
Springer Nature, 2023. Vol. 28, no 2, p. 839-852
Keywords [en]
DDoS, Deep learning, DoS, Fine-grained classification, ICS, Modbus, Classification (of information), Integrated circuits, Intelligent control, Network architecture, Network security, Semantics, Classification methods, Denial-of-service attacks, Fine grained, Industrial control systems, Malicious traffic, Performance, Denial-of-service attack
National Category
Computer Sciences Computer Systems
Identifiers
URN: urn:nbn:se:uu:diva-500252
DOI: 10.1007/s11036-023-02108-8
ISI: 000940761900002
Scopus ID: 2-s2.0-85149041165
OAI: oai:DiVA.org:uu-500252
DiVA, id: diva2:1750621
2023-04-13, 2023-04-13, 2025-02-20. Bibliographically approved