000171800 001__ 171800
000171800 005__ 20260603114408.0
000171800 0247_ $$2doi$$a10.3390/fi18050259
000171800 0248_ $$2sideral$$a149522
000171800 037__ $$aART-2026-149522
000171800 041__ $$aeng
000171800 100__ $$aAbdulJawad, Mohammad
000171800 245__ $$aA Deception-Based Access Control Mechanism for Protecting PLCs from ModbusTCP Brute-Force Attacks in IIoT Environments
000171800 260__ $$c2026
000171800 5060_ $$aAccess copy available to the general public$$fUnrestricted
000171800 5203_ $$aIndustrial control systems (ICSs) increasingly rely on legacy communication protocols such as ModbusTCP, which lack built-in security mechanisms and remain widely exposed to network-based attacks. This paper investigates the security limitations of authentication mechanisms in ModbusTCP-enabled programmable logic controllers (PLCs) and demonstrates how plaintext credential transmission and limited connection handling capabilities can be exploited to perform brute-force and denial-of-service (DoS) attacks. An experimental testbed based on two industrial Delta PLC families (DVP-13SE and DVP-311SV3) was developed to systematically evaluate these vulnerabilities under realistic conditions. The results show that authentication credentials can be easily captured through network sniffing, while the PLC communication stack supports a maximum of 16 concurrent connections and can process up to approximately 8600 Modbus operations per second, making it susceptible to resource exhaustion and performance degradation under distributed attack scenarios. To address these limitations, this paper proposes a lightweight deception-based protection mechanism, termed the PLC misleading algorithm (PMA), which is implemented directly within the PLC ladder logic. Unlike traditional network-level defenses, PMA operates at the device level and dynamically misleads attackers by generating controlled randomized responses while preserving consistent behavior for legitimate clients. Experimental results demonstrate that PMA significantly mitigates brute-force effectiveness by preventing reliable password extraction while introducing minimal overhead (2.2% memory usage) and maintaining acceptable communication latency. Additionally, the proposed approach significantly reduces observable attack traffic, with only 0.246 Modbus operations per second observed during the attack phase, thereby limiting the effectiveness of automated exploitation tools. These findings highlight the potential of in-device deception mechanisms as a practical and deployable security layer for legacy industrial systems, and provide new insights into the resilience of PLC-based infrastructures against network-level attacks. This work bridges the gap between lightweight PLC-level protections and the growing need for robust cybersecurity mechanisms in industrial IoT environments.
000171800 536__ $$9info:eu-repo/grantAgreement/ES/DGA/T31-20R$$9info:eu-repo/grantAgreement/ES/MICIU/PID2022-136476OB-I00
000171800 540__ $$9info:eu-repo/semantics/openAccess$$aby$$uhttps://creativecommons.org/licenses/by/4.0/deed.es
000171800 655_4 $$ainfo:eu-repo/semantics/article$$vinfo:eu-repo/semantics/publishedVersion
000171800 700__ $$aMasoud, Mohammad Z.
000171800 700__ $$0(orcid)0000-0002-5254-1402$$aÁlesanco, Álvaro$$uUniversidad de Zaragoza
000171800 700__ $$0(orcid)0000-0001-9485-7678$$aGarcía, José$$uUniversidad de Zaragoza
000171800 7102_ $$15008$$2560$$aUniversidad de Zaragoza$$bDpto. Ingeniería Electrón.Com.$$cÁrea Ingeniería Telemática
000171800 773__ $$g18, 259 (2026), 23$$tFUTURE INTERNET$$x1999-5903
000171800 8564_ $$s1435871$$uhttps://zaguan.unizar.es/record/171800/files/texto_completo.pdf$$yVersión publicada
000171800 8564_ $$s2612522$$uhttps://zaguan.unizar.es/record/171800/files/texto_completo.jpg?subformat=icon$$xicon$$yVersión publicada
000171800 909CO $$ooai:zaguan.unizar.es:171800$$particulos$$pdriver
000171800 951__ $$a2026-06-03-11:05:37
000171800 980__ $$aARTICLE