Top of page
Global Site Navigation

School of Science

Local Section Navigation
You are here: Main Content

Mr Paresh L Kerai


Automated Detection and analysis of Network Borne Threats in Modbus Environments

The proposed research will produce a framework for automated detection and testing of network borne malware threats that are present in Industrial control systems or supervisory control and data acquisition. The ModBUS protocol is widely used on SCADA networks and other industrial field devices and also used to control HVAC (Heating, Ventilation and Air Conditioning) and operational equipment such as industrial control systems. SCADA networks monitor and control critical industrial functions enabling process control of infrastructures for production, manufacturing and power generation companies, which includes, natural gas, electricity, oil, water, sewage treatment and railroads network (Harper et al., 2011).

The ModBUS protocol was developed and introduced in 1979 by Modicon. The protocol is an application layer protocol and is used to transmit communications between master (client) and slave (server). It was initially developed to provide reliability and availability however the security of the protocol and secure the infrastructure was not considered priority at the time as these systems are closed. Therefore, the industrial systems or infrastructure networks using ModBUS are insecure and exposed to a variety of cyber security attacks. Cyber-attacks on industrial control systems that use ModBUS protocol has increased in recent times and tools and methods need to be developed to adhere the problem.

Professional Associations

  • Australian Information Security Society – (AISA)
  • High Technology Crime Investigation Association – (HTCIA)


  • Bachelor of Computer and Network Security – Edith Cowan University 2006-2009
  • Bachelor of Computer Science (Honours) – Edith Cowan University 2009-2010
  • Doctor of Philosophy – Edith Cowan University 2015-current

Other Qualifications

  • Systems Security Certified Practitioner – (SSCP) ICS2
  • Compita Security plus
  • Intel Security Product Specialist - Network Security Platform, McAfee ePO Orchestrator and McAfee VirusScan.
  • Certified Checkpoint Security Administrator - CCSA


Research Interests

Paresh’ s research focus is on security of in Modbus protocol used in critical infrastructure systems and the  security framework of industrial control systems. He is also interested in wireless security, IoT devices, network architecture security and computer forensics

Conference Publications/ Presentations

  • Kerai, P. Vekariya, V., (2016), An exploration of artefacts of remote desktop applications on Windows. Proceedings of 14th Australian Digital Forensics Conference, 5-6 December 2016, Edith Cowan University, Perth, Australia. DOI 10.4225/75/58a54f83180cc.
  • Kerai, P., (2010), Remote Access Forensics for VNC and RDP on Windows Platform. Proceedings of the 8th Australian Digital Forensics Conference,Edith Cowan University, Perth Western Australia, November 30th 2010. DOI 10.4225/75/57b2a86540cde
  • Kerai, P., Tracing VNC And RDP Protocol Artefacts on Windows Mobile and Windows Smartphone for Forensic Purpose. Proceedings of the 1st International Cyber Resilience Conference, Edith Cowan University, Perth Western Australia, 23rd August 2010.


  • Professor Craig Valli – Edith Cowan University – Security Research Institute
  • Mr Peter Hannay – Edith Cowan University


Mr Paresh L Kerai
PhD Student
ECU Security Research Institute
School of Science
Skip to top of page