A Network Traffic Processing Library for ICS Anomaly Detection

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216305%3A26230%2F21%3APU140791" target="_blank" >RIV/00216305:26230/21:PU140791 - isvavai.cz</a>

Výsledek na webu

<a href="https://www.fit.vut.cz/research/publication/12483/" target="_blank" >https://www.fit.vut.cz/research/publication/12483/</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1145/3459960.3459963" target="_blank" >10.1145/3459960.3459963</a>

Jazyk výsledku

angličtina

Název v původním jazyce

A Network Traffic Processing Library for ICS Anomaly Detection

Popis výsledku v původním jazyce

Anomaly detection in industrial control systems based on traffic monitoring is one of the key components in securing these critical cyber-physical environments. Many anomaly detection methods have been proposed in the past decade. They are based on various principles stemming from signature detection, statistical analysis, or machine learning. Because of the lack of ICS communication datasets, their evaluation and mainly comparing their performance is problematic. If provided as a prototype implementation, the methods are implemented in various languages and require different input formats. In the present paper, we propose a library that can process ICS communication, extract required information, e.g., various packet-level or flow-level features, and provide the data to a user-specified anomaly detection method. It is possible to integrate the library in the system that automates the entire processing pipeline enabling us to conduct experiments with different methods while saving the time needed for manual data preparation. We also provide a preliminary performance evaluation of the library and demonstrate the system using two simple anomaly detection methods.

Název v anglickém jazyce

A Network Traffic Processing Library for ICS Anomaly Detection

Popis výsledku anglicky

Anomaly detection in industrial control systems based on traffic monitoring is one of the key components in securing these critical cyber-physical environments. Many anomaly detection methods have been proposed in the past decade. They are based on various principles stemming from signature detection, statistical analysis, or machine learning. Because of the lack of ICS communication datasets, their evaluation and mainly comparing their performance is problematic. If provided as a prototype implementation, the methods are implemented in various languages and require different input formats. In the present paper, we propose a library that can process ICS communication, extract required information, e.g., various packet-level or flow-level features, and provide the data to a user-specified anomaly detection method. It is possible to integrate the library in the system that automates the entire processing pipeline enabling us to conduct experiments with different methods while saving the time needed for manual data preparation. We also provide a preliminary performance evaluation of the library and demonstrate the system using two simple anomaly detection methods.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

20206 - Computer hardware and architecture

Projekt

<a href="/cs/project/VI20192022138" target="_blank" >VI20192022138: Bezpečnostní monitorování řídicí komunikace ICS v energetických sítích (BONNET)</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Rok uplatnění

2021

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

ECBS '21: Proceedings of the 7th Conference on the Engineering of Computer Based Systems

ISBN

978-1-4503-9057-6

ISSN

—

e-ISSN

—

Počet stran výsledku

7

Strana od-do

144-151

Název nakladatele

Association for Computing Machinery

Místo vydání

Novi Sad

Místo konání akce

Novi Sad

Datum konání akce

26. 5. 2021

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

—