All

What are you looking for?

All
Projects
Results
Organizations

Quick search

  • Projects supported by TA ČR
  • Excellent projects
  • Projects with the highest public support
  • Current projects

Smart search

  • That is how I find a specific +word
  • That is how I leave the -word out of the results
  • “That is how I can find the whole phrase”
EN
ČeštinaEnglish

Incident Detection System for Industrial Networks

The result's identifiers

  • Result code in IS VaVaI

    <a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216305%3A26220%2F22%3APU142641" target="_blank" >RIV/00216305:26220/22:PU142641 - isvavai.cz</a>

  • Result on the web

    <a href="https://link.springer.com/chapter/10.1007/978-3-031-04424-3_5" target="_blank" >https://link.springer.com/chapter/10.1007/978-3-031-04424-3_5</a>

  • DOI - Digital Object Identifier

    <a href="http://dx.doi.org/10.1007/978-3-031-04424-3_5" target="_blank" >10.1007/978-3-031-04424-3_5</a>

Alternative languages

  • Result language

    angličtina

  • Original language name

    Incident Detection System for Industrial Networks

  • Original language description

    Modbus/TCP is one of the most used industrial protocol, but this protocol is unsecured and does not implement encryption of communication or authentication of the clients. Therefore, this paper is focused on the techniques of incident detection in Modbus/TCP communication, but it is possible to implement the proposed solution on different protocols. For this purpose, a Modbus Security Module was created. This module can sniff specific network traffic, parse particular information from the communication packets, and store this data into the database. The databases use PostgreSQL and are placed on each master and slave stations. The data stored in each database is used for incident detection. This method represents a new way of detecting incidents and cyber-attacks in the network. Using a neural network (with an accuracy of 99.52 %), machine learning (with an accuracy of 100 %), and database comparison, it is possible to detect all attacks targeting the slave station and detect simulated attacks originating from master or non-master station. For additional database security of each station, an SSH connection between the databases is used. For the evaluation of the proposed method, the IEEE dataset was used. This paper also presents a comparison of machine learning classifiers, where each classifier has adjusted parameters. A mutual comparison of machine learning classifiers (with or without memory parameter) was done.

  • Czech name

  • Czech description

Classification

  • Type

    C - Chapter in a specialist book

  • CEP classification

  • OECD FORD branch

    20203 - Telecommunications

Result continuities

  • Project

    <a href="/en/project/VI20192022132" target="_blank" >VI20192022132: Cyber-arena for research, testing and education in cybersecurity</a><br>

  • Continuities

    S - Specificky vyzkum na vysokych skolach

Others

  • Publication year

    2022

  • Confidentiality

    S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Data specific for result type

  • Book/collection name

    Big Data Privacy and Security in Smart Cities

  • ISBN

    978-3-031-04424-3

  • Number of pages of the result

    20

  • Pages from-to

    83-102

  • Number of pages of the book

    248

  • Publisher name

    Springer

  • Place of publication

    Neuveden

  • UT code for WoS chapter

Similar results(10)

Security Modules for Securing Industrial NetworksIndustrial network security moduleImplementation of Firmware Testing and Documentation of a Communication Protocol