All

What are you looking for?

All
Projects
Results
Organizations

Quick search

  • Projects supported by TA ČR
  • Excellent projects
  • Projects with the highest public support
  • Current projects

Smart search

  • That is how I find a specific +word
  • That is how I leave the -word out of the results
  • “That is how I can find the whole phrase”
EN
ČeštinaEnglish

A Network Traffic Processing Library for ICS Anomaly Detection

The result's identifiers

  • Result code in IS VaVaI

    <a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216305%3A26230%2F21%3APU140791" target="_blank" >RIV/00216305:26230/21:PU140791 - isvavai.cz</a>

  • Result on the web

    <a href="https://www.fit.vut.cz/research/publication/12483/" target="_blank" >https://www.fit.vut.cz/research/publication/12483/</a>

  • DOI - Digital Object Identifier

    <a href="http://dx.doi.org/10.1145/3459960.3459963" target="_blank" >10.1145/3459960.3459963</a>

Alternative languages

  • Result language

    angličtina

  • Original language name

    A Network Traffic Processing Library for ICS Anomaly Detection

  • Original language description

    Anomaly detection in industrial control systems based on traffic monitoring is one of the key components in securing these critical cyber-physical environments. Many anomaly detection methods have been proposed in the past decade. They are based on various principles stemming from signature detection, statistical analysis, or machine learning. Because of the lack of ICS communication datasets, their evaluation and mainly comparing their performance is problematic. If provided as a prototype implementation, the methods are implemented in various languages and require different input formats. In the present paper, we propose a library that can process ICS communication, extract required information, e.g., various packet-level or flow-level features, and provide the data to a user-specified anomaly detection method. It is possible to integrate the library in the system that automates the entire processing pipeline enabling us to conduct experiments with different methods while saving the time needed for manual data preparation. We also provide a preliminary performance evaluation of the library and demonstrate the system using two simple anomaly detection methods.

  • Czech name

  • Czech description

Classification

  • Type

    D - Article in proceedings

  • CEP classification

  • OECD FORD branch

    20206 - Computer hardware and architecture

Result continuities

  • Project

    <a href="/en/project/VI20192022138" target="_blank" >VI20192022138: Security monitoring of ICS communication in the smart grid</a><br>

  • Continuities

    P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Others

  • Publication year

    2021

  • Confidentiality

    S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Data specific for result type

  • Article name in the collection

    ECBS '21: Proceedings of the 7th Conference on the Engineering of Computer Based Systems

  • ISBN

    978-1-4503-9057-6

  • ISSN

  • e-ISSN

  • Number of pages

    7

  • Pages from-to

    144-151

  • Publisher name

    Association for Computing Machinery

  • Place of publication

    Novi Sad

  • Event location

    Novi Sad

  • Event date

    May 26, 2021

  • Type of event by nationality

    WRD - Celosvětová akce

  • UT code for WoS article

Similar results(10)

ICS detection algorithms software libraryMODBUS Dataset for ICS Anomaly DetectionLearning Probabilistic Automata in the Context of IEC 104