Automating security tests for industrial automation devices using neural networks

TCP/IP OS fingerprinting is the task of identifying a machine's operating system from its protocol stack implementation. Fingerprinting tools provide information that can be useful for protecting SCADA systems: it can be used to inventory network devices, detect unauthorized or dangerous devices, and select security tests. In this work we propose a new method for identifying and classifying network devices using the fingerprinting capabilities of the nmap tool and a neural network. With a new metric based on Euclidean distance for comparing OS fingerprints and a self-organizing neural net, we build a contextual map that groups systems by similarity. This map will be used to identify devices based on their operating system and to select security tests according to the device class each belongs to.
