Identification of industrial devices based on payload
Result identifiers
Result code in IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216305%3A26220%2F24%3APU151835" target="_blank" >RIV/00216305:26220/24:PU151835 - isvavai.cz</a>
Result on the web
<a href="https://dl.acm.org/doi/10.1145/3664476.3670462" target="_blank" >https://dl.acm.org/doi/10.1145/3664476.3670462</a>
DOI - Digital Object Identifier
<a href="http://dx.doi.org/10.1145/3664476.3670462" target="_blank" >10.1145/3664476.3670462</a>
Alternative languages
Result language
English
Title in original language
Identification of industrial devices based on payload
Result description in original language
Identification of industrial devices based on their behavior in network communication is important from a cybersecurity perspective in two areas: attack prevention and digital forensics. In both areas, device identification falls under asset management or asset tracking. Due to the impact of active scanning on these networks, particularly in terms of latency, it is important to use passive scanning in industrial networks. For passive identification, statistical learning algorithms are nowadays the most appropriate. The aim of this paper is to demonstrate the potential for passive identification of PLC devices using statistical learning based on network communication, specifically the payload of the packet. Individual statistical parameters from 15 minutes of traffic based on payload entropy were used to create the features. Three scenarios were performed and the XGBoost algorithm was used for evaluation. In the best scenario, the model achieved an accuracy score of 83% to identify individual devices.
Title in English
Identification of industrial devices based on payload
Result description in English
Identification of industrial devices based on their behavior in network communication is important from a cybersecurity perspective in two areas: attack prevention and digital forensics. In both areas, device identification falls under asset management or asset tracking. Due to the impact of active scanning on these networks, particularly in terms of latency, it is important to use passive scanning in industrial networks. For passive identification, statistical learning algorithms are nowadays the most appropriate. The aim of this paper is to demonstrate the potential for passive identification of PLC devices using statistical learning based on network communication, specifically the payload of the packet. Individual statistical parameters from 15 minutes of traffic based on payload entropy were used to create the features. Three scenarios were performed and the XGBoost algorithm was used for evaluation. In the best scenario, the model achieved an accuracy score of 83% to identify individual devices.
Classification
Type
D - Article in proceedings
CEP field
—
OECD FORD field
20203 - Telecommunications
Result continuities
Project
<a href="/cs/project/FW06010490" target="_blank" >FW06010490: Krypto portál chytrého měření</a>
Continuities
P - Research and development project financed from public funds (with a link to CEP)
Others
Publication year
2024
Data confidentiality code
S - Complete and true data on the project are not subject to protection under special legal regulations
Data specific to the result type
Article name in the proceedings
ARES '24: Proceedings of the 19th International Conference on Availability, Reliability and Security
ISBN
979-8-4007-1718-5
ISSN
—
e-ISSN
—
Number of pages
9
Pages from-to
1-9
Publisher name
Association for Computing Machinery
Place of publication
New York, NY, USA
Event location
Vienna
Event date
30. 7. 2024
Type of event by nationality
WRD - Worldwide event
UT WoS article code
—