Incident Detection System for Industrial Networks

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216305%3A26220%2F22%3APU142641" target="_blank" >RIV/00216305:26220/22:PU142641 - isvavai.cz</a>

Výsledek na webu

<a href="https://link.springer.com/chapter/10.1007/978-3-031-04424-3_5" target="_blank" >https://link.springer.com/chapter/10.1007/978-3-031-04424-3_5</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1007/978-3-031-04424-3_5" target="_blank" >10.1007/978-3-031-04424-3_5</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Incident Detection System for Industrial Networks

Popis výsledku v původním jazyce

Modbus/TCP is one of the most used industrial protocol, but this protocol is unsecured and does not implement encryption of communication or authentication of the clients. Therefore, this paper is focused on the techniques of incident detection in Modbus/TCP communication, but it is possible to implement the proposed solution on different protocols. For this purpose, a Modbus Security Module was created. This module can sniff specific network traffic, parse particular information from the communication packets, and store this data into the database. The databases use PostgreSQL and are placed on each master and slave stations. The data stored in each database is used for incident detection. This method represents a new way of detecting incidents and cyber-attacks in the network. Using a neural network (with an accuracy of 99.52 %), machine learning (with an accuracy of 100 %), and database comparison, it is possible to detect all attacks targeting the slave station and detect simulated attacks originating from master or non-master station. For additional database security of each station, an SSH connection between the databases is used. For the evaluation of the proposed method, the IEEE dataset was used. This paper also presents a comparison of machine learning classifiers, where each classifier has adjusted parameters. A mutual comparison of machine learning classifiers (with or without memory parameter) was done.

Název v anglickém jazyce

Incident Detection System for Industrial Networks

Popis výsledku anglicky

Modbus/TCP is one of the most used industrial protocol, but this protocol is unsecured and does not implement encryption of communication or authentication of the clients. Therefore, this paper is focused on the techniques of incident detection in Modbus/TCP communication, but it is possible to implement the proposed solution on different protocols. For this purpose, a Modbus Security Module was created. This module can sniff specific network traffic, parse particular information from the communication packets, and store this data into the database. The databases use PostgreSQL and are placed on each master and slave stations. The data stored in each database is used for incident detection. This method represents a new way of detecting incidents and cyber-attacks in the network. Using a neural network (with an accuracy of 99.52 %), machine learning (with an accuracy of 100 %), and database comparison, it is possible to detect all attacks targeting the slave station and detect simulated attacks originating from master or non-master station. For additional database security of each station, an SSH connection between the databases is used. For the evaluation of the proposed method, the IEEE dataset was used. This paper also presents a comparison of machine learning classifiers, where each classifier has adjusted parameters. A mutual comparison of machine learning classifiers (with or without memory parameter) was done.

Druh

C - Kapitola v odborné knize

CEP obor

—

OECD FORD obor

20203 - Telecommunications

Projekt

<a href="/cs/project/VI20192022132" target="_blank" >VI20192022132: Kybernetická aréna pro výzkum, testování a edukaci v oblasti kyberbezpečnosti</a><br>

Návaznosti

S - Specificky vyzkum na vysokych skolach

Rok uplatnění

2022

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název knihy nebo sborníku

Big Data Privacy and Security in Smart Cities

ISBN

978-3-031-04424-3

Počet stran výsledku

20

Strana od-do

83-102

Počet stran knihy

248

Název nakladatele

Springer

Místo vydání

Neuveden

Kód UT WoS kapitoly

—