Visualizing Network Flows and Related Anomalies in Industrial Networks using Chord Diagrams and Whitelisting

Industrial Control Systems are the set of specialized elements that monitor and control physical processes. Those systems are normally interconnected, forming environments known as industrial networks. The particularities of these networks disallow the use of traditional IT security mechanisms, while allowing other security strategies not suitable for IT networks. As industrial network traffic flows follow constant and repetitive patterns, whitelisting has proven to be a viable approach for anomaly detection in industrial networks. In this paper, we present a network flow and related alert visualization system based on chord diagrams. The system represents the network flows detected within a time interval, highlighting the ones that do not comply with the whitelisting rules. Moreover, it also depicts the network flows that, even though they are registered in the whitelist, have not been detected in the selected time interval (e.g. a host is down). Finally, the visualization system is tested with network data coming from a real industrial network.
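
The classification the abstract describes (flows seen in a time window, split into whitelisted, not whitelisted, and whitelisted-but-absent) is small enough to show end to end. The following is an added Python example, not the paper's own code: the flow record shape (timestamp, source, destination, protocol, destination port), the whitelist entries and the sample flows are all constructed here, and the edge list it produces is the kind of input a chord diagram would be drawn from, with each edge carrying the status that the diagram would colour.

```python
"""Flow whitelisting over a time window (added example, not the paper's code).

The flow tuple (ts, src, dst, proto, dport) and the whitelist layout are
assumptions chosen for this illustration.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class FlowKey:
    src: str
    dst: str
    proto: str
    dport: int


# Constructed whitelist: every flow the industrial network is expected to carry.
WHITELIST = frozenset({
    FlowKey("10.0.0.10", "10.0.0.20", "tcp", 502),   # HMI -> PLC 1 (Modbus/TCP)
    FlowKey("10.0.0.10", "10.0.0.21", "tcp", 502),   # HMI -> PLC 2 (Modbus/TCP)
    FlowKey("10.0.0.30", "10.0.0.20", "tcp", 502),   # historian -> PLC 1
    FlowKey("10.0.0.10", "10.0.0.40", "udp", 123),   # HMI -> NTP server
})

# Constructed flow records: (timestamp in seconds, src, dst, proto, dport).
FLOWS = [
    (100, "10.0.0.10", "10.0.0.20", "tcp", 502),
    (110, "10.0.0.10", "10.0.0.20", "tcp", 502),
    (120, "10.0.0.30", "10.0.0.20", "tcp", 502),
    (130, "10.0.0.10", "10.0.0.40", "udp", 123),
    (140, "10.0.0.50", "10.0.0.20", "tcp", 502),   # unknown host speaking Modbus
    (150, "10.0.0.10", "10.0.0.20", "tcp", 22),    # known pair, unexpected port
    (400, "10.0.0.10", "10.0.0.21", "tcp", 502),   # falls outside the window used below
]


def flows_in_window(flows, t_start, t_end):
    """Aggregate records with t_start <= ts < t_end into FlowKey -> count."""
    counts = defaultdict(int)
    for ts, src, dst, proto, dport in flows:
        if t_start <= ts < t_end:
            counts[FlowKey(src, dst, proto, dport)] += 1
    return dict(counts)


def classify(observed_counts, whitelist):
    """Split flows into the three sets the visualization distinguishes."""
    observed = set(observed_counts)
    return {
        "allowed": observed & whitelist,        # seen and whitelisted
        "unexpected": observed - whitelist,     # seen but not whitelisted: alert
        "missing": whitelist - observed,        # whitelisted but silent (e.g. host down)
    }


def chord_edges(observed_counts, whitelist):
    """Edge list for a chord diagram: (src, dst, count, status).

    Missing whitelisted flows are emitted with count 0 so the diagram can still
    draw and highlight them, as the paper's system does.
    """
    groups = classify(observed_counts, whitelist)
    edges = []
    for status in ("allowed", "unexpected", "missing"):
        for k in sorted(groups[status], key=lambda f: (f.src, f.dst, f.proto, f.dport)):
            edges.append((k.src, k.dst, observed_counts.get(k, 0), status))
    return edges


if __name__ == "__main__":
    counts = flows_in_window(FLOWS, 0, 300)
    for src, dst, n, status in chord_edges(counts, WHITELIST):
        print(f"{src} -> {dst}  flows={n:<3} {status}")
```

Running it over the window [0, 300) reports the two unwhitelisted flows (the unknown host and the SSH connection between two otherwise legitimate peers) and the whitelisted HMI-to-PLC-2 flow that never appeared in the window, which is exactly the case an operator would want drawn differently from a plain alert.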
