Behavioral Anomaly Detection in Industrial Control Systems: An Evaluation of Flowmon ADS
Identifikátory výsledku
Kód výsledku v IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216305%3A26230%2F20%3APU136272" target="_blank" >RIV/00216305:26230/20:PU136272 - isvavai.cz</a>
Výsledek na webu
<a href="https://www.fit.vut.cz/research/publication/12253/" target="_blank" >https://www.fit.vut.cz/research/publication/12253/</a>
DOI - Digital Object Identifier
—
Alternativní jazyky
Jazyk výsledku
angličtina
Název v původním jazyce
Behavioral Anomaly Detection in Industrial Control Systems: An Evaluation of Flowmon ADS
Popis výsledku v původním jazyce
This report provides results from the experiments aimed to evaluate the threat detection capabilities of the Flowmon Anomaly Detection System in the environment of Industrial Control Systems. The experiments follow a procedure described in the NISTIR 8219 report, which identifies a critical set of security threats to ICS and illustrates how behavior anomaly detection systems can be used as a key security component for industrial systems. We have shown that many of the identified security threats can be identified with the Flowmon ADS even without considering any specific ICS rules. The report systematically evaluates the scenarios considering network-based anomaly detection methods. We set up a virtual environment that contains ICS and Flowmon software. In this environment, we were able to demonstrate all scenarios and check Flowmon responses to the induced security threats.
Název v anglickém jazyce
Behavioral Anomaly Detection in Industrial Control Systems: An Evaluation of Flowmon ADS
Popis výsledku anglicky
This report provides results from the experiments aimed to evaluate the threat detection capabilities of the Flowmon Anomaly Detection System in the environment of Industrial Control Systems. The experiments follow a procedure described in the NISTIR 8219 report, which identifies a critical set of security threats to ICS and illustrates how behavior anomaly detection systems can be used as a key security component for industrial systems. We have shown that many of the identified security threats can be identified with the Flowmon ADS even without considering any specific ICS rules. The report systematically evaluates the scenarios considering network-based anomaly detection methods. We set up a virtual environment that contains ICS and Flowmon software. In this environment, we were able to demonstrate all scenarios and check Flowmon responses to the induced security threats.
Klasifikace
Druh
O - Ostatní výsledky
CEP obor
—
OECD FORD obor
10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)
Návaznosti výsledku
Projekt
<a href="/cs/project/TN01000077" target="_blank" >TN01000077: Národní centrum kompetence pro Kyberbezpečnost</a><br>
Návaznosti
P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)
Ostatní
Rok uplatnění
2020
Kód důvěrnosti údajů
S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů