论文信息 - Measuring the Growth in Complexity of Models from Industrial Control Networks

Measuring the Growth in Complexity of Models from Industrial Control Networks

Profiling communication patterns between industrial devices is important for detecting anomalies and potential cyber-attacks. In this paper we do deep-packet inspection of various industrial protocols to generate models of communications between pairs of devices; in particular, we use two models (deterministic finite automata and discrete-time Markov chains) applied to three different industrial networks: (1) an electrical substation, (2) a small-scale water testbed, and (3) a large-scale water treatment facility. Overall these datasets represent a variety of industrial protocols, including EtherNet/IP, DNP3, and Modbus/TCP.

Alvaro A. Cárdenas | Mustafa Amir Faisal

[1] Frank Kargl,et al. Sequence-aware Intrusion Detection in Industrial Control Systems , 2015, CPSS@ASIACSS.

[2] Avishai Wool,et al. Accurate modeling of Modbus/TCP for intrusion detection in SCADA systems , 2013, Int. J. Crit. Infrastructure Prot..

[3] Avishai Wool,et al. Accurate Modeling of The Siemens S7 SCADA Protocol For Intrusion Detection And Digital Forensic , 2014, J. Digit. Forensics Secur. Law.

[4] Avishai Wool,et al. Automatic Construction of Statechart-Based Anomaly Detection Models for Multi-Threaded SCADA via Spectral Analysis , 2016, CPS-SPC '16.

[5] Avishai Wool,et al. A Statechart-Based Anomaly Detection Model for Multi-Threaded SCADA Systems , 2015, CRITIS.