School of Science

Mr Paresh L Kerai

Overview

Automated Detection and analysis of Network Borne Threats in Modbus Environments

The proposed research will produce a framework for automated detection and testing of network-borne malware threats present in industrial control systems (ICS) or supervisory control and data acquisition (SCADA) systems. The Modbus protocol is widely used on SCADA networks and other industrial field devices, and is also used to control HVAC (Heating, Ventilation and Air Conditioning) and operational equipment such as industrial control systems. SCADA networks monitor and control critical industrial functions, enabling process control of infrastructure for production, manufacturing and power generation companies, which includes natural gas, electricity, oil, water, sewage treatment and railroad networks (Harper et al., 2011).

The Modbus protocol was developed and introduced in 1979 by Modicon. It is an application-layer protocol used to carry communications between a master (client) and a slave (server). It was initially developed to provide reliability and availability; however, securing the protocol and the infrastructure was not considered a priority at the time, as these systems were closed. As a result, industrial systems and infrastructure networks using Modbus are insecure and exposed to a variety of cyber security attacks. Cyber-attacks on industrial control systems that use the Modbus protocol have increased in recent times, and tools and methods need to be developed to address the problem.

Professional Associations

  • Australian Information Security Society – (AISA)
  • High Technology Crime Investigation Association – (HTCIA)

Qualifications

  • Bachelor of Computer and Network Security – Edith Cowan University 2006-2009
  • Bachelor of Computer Science (Honours) – Edith Cowan University 2009-2010
  • Doctor of Philosophy – Edith Cowan University 2015-current

Other Qualifications

  • Systems Security Certified Practitioner – (SSCP) (ISC)²
  • CompTIA Security+
  • Intel Security Product Specialist - Network Security Platform, McAfee ePO Orchestrator and McAfee VirusScan.
  • Certified Checkpoint Security Administrator - CCSA

Research

Research Interests

Paresh's research focuses on the security of the Modbus protocol used in critical infrastructure systems and the security framework of industrial control systems. He is also interested in wireless security, IoT devices, network architecture security and computer forensics.

Conference Publications/ Presentations

  • Kerai, P., Vekariya, V. (2016). An exploration of artefacts of remote desktop applications on Windows. Proceedings of the 14th Australian Digital Forensics Conference, 5-6 December 2016, Edith Cowan University, Perth, Australia. DOI 10.4225/75/58a54f83180cc.
  • Kerai, P. (2010). Remote Access Forensics for VNC and RDP on Windows Platform. Proceedings of the 8th Australian Digital Forensics Conference, Edith Cowan University, Perth, Western Australia, 30 November 2010. DOI 10.4225/75/57b2a86540cde.
  • Kerai, P. Tracing VNC and RDP Protocol Artefacts on Windows Mobile and Windows Smartphone for Forensic Purpose. Proceedings of the 1st International Cyber Resilience Conference, Edith Cowan University, Perth, Western Australia, 23 August 2010.

Supervisors

Contact

Mr Paresh L Kerai
PhD Student
ECU Security Research Institute
School of Science