Statistical Methods for Anomaly Detection in Industrial Communication
The result's identifiers
Result code in IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216305%3A26230%2F21%3APU140800" target="_blank" >RIV/00216305:26230/21:PU140800 - isvavai.cz</a>
Result on the web
<a href="https://www.fit.vut.cz/research/publication/12502/" target="_blank" >https://www.fit.vut.cz/research/publication/12502/</a>
DOI - Digital Object Identifier
—
Alternative languages
Result language
angličtina
Original language name
Statistical Methods for Anomaly Detection in Industrial Communication
Original language description
This report focuses on application of selected statistical methods to anomaly detection of ICS protocols deployed in smart grids, namely IEC 104, GOOSE and MMS. Industrial network stations are typically pre-configured hardware devices that operate in master-slave mode and exhibits stable and periodic communication patterns over a long time. Due to the stability of ICS communication, statistical models present a natural way for detection of common ICS anomalies. For probabilistic modeling of network behavior we employ the following statistical features: distribution of packet inter-arrival times, packet size, and packet direction. This report presents the results of our experiments with three statistical methods: the Box Plot, Three Sigma Rule and Local Outlier Factor (LOF) which worked best for ICS datasets.
Czech name
—
Czech description
—
Classification
Type
O - Miscellaneous
CEP classification
—
OECD FORD branch
20206 - Computer hardware and architecture
Result continuities
Project
<a href="/en/project/VI20192022138" target="_blank" >VI20192022138: Security monitoring of ICS communication in the smart grid</a><br>
Continuities
P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)
Others
Publication year
2021
Confidentiality
S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů