Author:
Ghosh, Tirthankar; Bagui, Sikha; Bagui, Subhash; Kadzis, Martin; Day, Logan; Bare, Jackson
Source:
International Journal for Computers & Their Applications; Sep 2022, Vol. 29 Issue 3, p173-180, 8p
Abstract:
Anomalies in network traffic are usually detected by measuring unexpected deviation from what constitutes a baseline. Several statistical techniques have been proposed to create baselines and measure deviation. However, simply looking at traffic volume to find anomalous deviation may result in increased false positives. Distributions of traffic features need to be created, and deviations need to be measured on those features. An effective approach to finding anomalous deviations starts with entropy analysis of these features. This paper presents an entropy analysis of an industrial control system network using selected features, with datasets obtained from an HVAC system. The paper starts with a fundamental question: whether preliminary entropy analysis of Modbus-over-TCP data using only a few TCP/IP features, without inspecting the Modbus payload, gives information about an anomaly in the network. Relative entropy was computed using Kullback-Leibler divergence to study the deviation of malicious traffic from non-malicious traffic. To gain further insight into detecting anomalies within the ICS traffic, the work was extended to bivariate joint entropy analysis using pairs of features. Initial analysis of the bivariate joint entropy also showed some promising results, but, as in the univariate analysis, none of the feature pairs indicated the presence of reconnaissance. [ABSTRACT FROM AUTHOR]
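As an added worked example (not code from the paper, and not run on its HVAC dataset), the following computes the quantities the abstract describes: per-feature empirical distributions over a window of TCP/IP records, their Shannon entropy, the Kullback-Leibler divergence of a suspect window from a baseline window, and the bivariate joint entropy of feature pairs. The flow records, the feature names src_ip/dst_port/pkt_len, the smoothing constant and the flagging threshold are all constructed assumptions for illustration.

```python
from collections import Counter
from math import log2

# Constructed flow records for illustration only; they are NOT the paper's HVAC
# dataset. Each record is (src_ip, dst_port, pkt_len); field names are assumptions.
FIELDS = {"src_ip": 0, "dst_port": 1, "pkt_len": 2}

# Baseline: one HMI polling one PLC over Modbus/TCP with two request sizes.
BASELINE = [
    ("10.0.0.5", 502, 66), ("10.0.0.5", 502, 78),
    ("10.0.0.5", 502, 66), ("10.0.0.5", 502, 78),
    ("10.0.0.5", 502, 66), ("10.0.0.5", 502, 78),
    ("10.0.0.5", 502, 66), ("10.0.0.5", 502, 78),
]

# Suspect window: a new host sweeping eight ports with minimum-size SYN segments.
SUSPECT = [
    ("10.0.0.99", 502, 60), ("10.0.0.99", 80, 60),
    ("10.0.0.99", 22, 60), ("10.0.0.99", 23, 60),
    ("10.0.0.99", 443, 60), ("10.0.0.99", 21, 60),
    ("10.0.0.99", 8080, 60), ("10.0.0.99", 3389, 60),
]


def distribution(records, *fields):
    """Empirical PMF of one feature (univariate) or a tuple of features (joint)."""
    idx = [FIELDS[f] for f in fields]
    counts = Counter(tuple(r[i] for i in idx) for r in records)
    n = len(records)
    return {k: c / n for k, c in counts.items()}


def entropy(pmf):
    """Shannon entropy in bits; for a joint PMF this is the joint entropy H(X, Y)."""
    return -sum(p * log2(p) for p in pmf.values() if p > 0)


def kl_divergence(p, q, alpha=0.01):
    """D_KL(P || Q) in bits. Additive smoothing (assumed alpha) over the union of
    supports keeps categories seen in P but absent from Q, which is exactly the
    interesting case for new ports or hosts, from producing an infinite value."""
    support = set(p) | set(q)
    k = len(support)

    def smooth(pmf):
        return {s: (pmf.get(s, 0.0) + alpha) / (1.0 + alpha * k) for s in support}

    ps, qs = smooth(p), smooth(q)
    return sum(ps[s] * log2(ps[s] / qs[s]) for s in support)


def analyze(baseline, window, feature_sets):
    """Per feature (set): entropy of baseline and window, and divergence of the
    window from the baseline."""
    report = {}
    for fs in feature_sets:
        p, q = distribution(window, *fs), distribution(baseline, *fs)
        report["+".join(fs)] = {
            "H_baseline": entropy(q),
            "H_window": entropy(p),
            "KL": kl_divergence(p, q),
        }
    return report


def flag_anomalies(baseline, window, feature_sets, threshold=1.0):
    """Names of feature (set)s whose divergence from baseline exceeds the threshold.
    The threshold is an assumed value; calibrate it on clean windows in practice."""
    report = analyze(baseline, window, feature_sets)
    return sorted(name for name, r in report.items() if r["KL"] > threshold)


UNIVARIATE = [("src_ip",), ("dst_port",), ("pkt_len",)]
BIVARIATE = [("dst_port", "pkt_len"), ("src_ip", "dst_port")]

if __name__ == "__main__":
    for name, r in analyze(BASELINE, SUSPECT, UNIVARIATE + BIVARIATE).items():
        print(f"{name:18s} H_base={r['H_baseline']:.2f} "
              f"H_win={r['H_window']:.2f} KL={r['KL']:.2f}")
    print("flagged:", flag_anomalies(BASELINE, SUSPECT, UNIVARIATE + BIVARIATE))
```

In the constructed data the destination-port entropy rises from 0 bits (every packet to 502) to 3 bits (eight distinct ports), and the divergence from baseline is large for dst_port, pkt_len and their joint distribution. Note that KL divergence is asymmetric: computing it as window-versus-baseline, as here, weights the mass that appears in the window, which is what a port sweep adds; a window identical to the baseline yields exactly zero on every feature.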
Database:
Complementary Index