Detecting anomalies in printed intelligence factory network
| Autor: | Mantere, Matti, Sailio, Mirko, Noponen, Sami |
|---|---|
| Jazyk: | angličtina |
| Rok vydání: | 2015 |
| Předmět: | |
| Zdroj: | Mantere, M, Sailio, M & Noponen, S 2015, Detecting anomalies in printed intelligence factory network . in Risks and Security of Internet and Systems : CRiSIS 2014 . Springer, Lecture Notes in Computer Science, vol. 8924, pp. 1-16, 9th International Conference on Risks and Security of Internet and Systems, CRiSIS 2014, Trento, Italy, 27/08/15 . https://doi.org/10.1007/978-3-319-17127-2_1 |
| DOI: | 10.1007/978-3-319-17127-2_1 |
| Popis: | Network security monitoring in ICS, or SCADA, networks provides opportunities and corresponding challenges. Anomaly detection using machine learning has traditionally performed sub-optimally when brought out of the laboratory environments and into more open networks. We have proposed using machine learning for anomaly detection in ICS networks when certain prerequisites are met, e.g. predictability. Results are reported for validation of a previously introduced ML module for Bro NSM using captures from an operational ICS network. The number of false positives and the detection capability are reported on. Parts of the used packet capture files include reconnaissance activity. The results point to adequate initial capability. The system is functional, usable and ready for further development. Easily modified and configured module represents a proof-of-concept implementation of introduced event-driven machine learning based anomaly detection concept for single event and algorithm. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|