A Study of Intrusion detection on PROFINET Network by Improving SNORT

Sammanfattning: This report is a result of master thesis in network forensics at Halmstad University during spring term 2018. Industrial engineers are becoming aware of the importance of network security. In today's industrial system, attacks on industrial control system are becoming more commonplace. The availability of industrial specific search engine which can reveal system to anyone interested, has made it easier to target vulnerable systems. Years ago, the networks that are not connected to a public network were considered "Safe". Today these networks are inter-connected, and the challenge is how to make them secure. To protect industrial control systems, monitoring of the industrial network is required to find abnormal activities. There are many open source intrusion detection systems available we have chosen SNORT for our project work since SNORT is a powerful open source intrusion detection system and has many default sets of rules also communitybased rules can be implemented. SNORT has features such as real-time traffic analysis, logging packets and content searching ability. SNORT has limited capability in understanding the PROFINET protocol and the aim of our project is to modify SNORT application to read PROFINET packets so that it can be used in industrial networks running on PROFINET protocol and create rules for PROFINET by examining the data captured from the lab environment.