Behavioral Anomaly Detection in Industrial Control Systems: An Evaluation of Flowmon ADS

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216305%3A26230%2F20%3APU136272" target="_blank" >RIV/00216305:26230/20:PU136272 - isvavai.cz</a>

Výsledek na webu

<a href="https://www.fit.vut.cz/research/publication/12253/" target="_blank" >https://www.fit.vut.cz/research/publication/12253/</a>

DOI - Digital Object Identifier

—

Jazyk výsledku

angličtina

Název v původním jazyce

Behavioral Anomaly Detection in Industrial Control Systems: An Evaluation of Flowmon ADS

Popis výsledku v původním jazyce

This report provides results from the experiments aimed to evaluate the threat detection capabilities of the Flowmon Anomaly Detection System in the environment of Industrial Control Systems. The experiments follow a procedure described in the NISTIR 8219 report, which identifies a critical set of security threats to ICS and illustrates how behavior anomaly detection systems can be used as a key security component for industrial systems. We have shown that many of the identified security threats can be identified with the Flowmon ADS even without considering any specific ICS rules. The report systematically evaluates the scenarios considering network-based anomaly detection methods. We set up a virtual environment that contains ICS and Flowmon software. In this environment, we were able to demonstrate all scenarios and check Flowmon responses to the induced security threats.

Název v anglickém jazyce

Behavioral Anomaly Detection in Industrial Control Systems: An Evaluation of Flowmon ADS

Popis výsledku anglicky

This report provides results from the experiments aimed to evaluate the threat detection capabilities of the Flowmon Anomaly Detection System in the environment of Industrial Control Systems. The experiments follow a procedure described in the NISTIR 8219 report, which identifies a critical set of security threats to ICS and illustrates how behavior anomaly detection systems can be used as a key security component for industrial systems. We have shown that many of the identified security threats can be identified with the Flowmon ADS even without considering any specific ICS rules. The report systematically evaluates the scenarios considering network-based anomaly detection methods. We set up a virtual environment that contains ICS and Flowmon software. In this environment, we were able to demonstrate all scenarios and check Flowmon responses to the induced security threats.

Druh

O - Ostatní výsledky

CEP obor

—

OECD FORD obor

10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Projekt

<a href="/cs/project/TN01000077" target="_blank" >TN01000077: Národní centrum kompetence pro Kyberbezpečnost</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Rok uplatnění

2020

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů