What question did this study set out to answer?

To develop an effective machine learning framework to detect TCP connection exhaustion attacks in Modbus TCP/IP networks.

April 28, 2026Open Access

Optimized machine learning approach for detecting TCP exhaustion attacks in modbus-TCP/IP networks

Key Points

To develop an effective machine learning framework to detect TCP connection exhaustion attacks in Modbus TCP/IP networks.
Used a simulated testbed with virtual machines to model normal and attack conditions in Modbus communication.
Implemented the Random Forest algorithm to analyze malicious traffic in operational technology environments.
Achieved an F1-score of 99.83%, indicating high detection accuracy.
Measured precision of 99.9% and recall of 99.7%, reflecting the model's reliability.
Validated the approach as lightweight and suitable for real-time implementation in resource-constrained setups.

Abstract

Abstract The Modbus TCP/IP protocol, widely adopted in industrial communications, lacks essential security features, making it vulnerable to cyberattacks such as TCP Connection Exhaustion. This paper proposes a machine learning-based detection framework using the Random Forest (RF) algorithm to identify malicious traffic in Operational Technology (OT) networks. A simulated testbed was created using virtual machines to emulate Modbus server-client communication under normal and attack conditions. Our model achieved F1-score of 99.83 %, precision of 99.9 %, and recall of 99.7 %, clearly demonstrating its accuracy and robustness. These results validate the proposed approach as a lightweight, real-time, and effective intrusion detection system suitable for resource-constrained industrial environments.

Optimized machine learning approach for detecting TCP exhaustion attacks in modbus-TCP/IP networks

Key Points

Abstract

Cite This Study