Detecting Anomalies in Printed Intelligence Factory Network

Autor:	Mirko Sailio, Sami Noponen, Matti Mantere
Rok vydání:	2015
Předmět:	SCADA network ICS network cybersecurity Network security business.industry Computer science Computer security computer.software_genre anomaly detection machine learning SCADA network security monitoring Factory (object-oriented programming) Anomaly detection Predictability business computer
Zdroj:	Lecture Notes in Computer Science ISBN: 9783319171265 CRiSIS
DOI:	10.1007/978-3-319-17127-2_1
Popis:	Network security monitoring in ICS, or SCADA, networks provides opportunities and corresponding challenges. Anomaly detection using machine learning has traditionally performed sub-optimally when brought out of the laboratory environments and into more open networks. We have proposed using machine learning for anomaly detection in ICS networks when certain prerequisites are met, e.g. predictability. Results are reported for validation of a previously introduced ML module for Bro NSM using captures from an operational ICS network. The number of false positives and the detection capability are reported on. Parts of the used packet capture files include reconnaissance activity. The results point to adequate initial capability. The system is functional, usable and ready for further development. Easily modified and configured module represents a proof-of-concept implementation of introduced event-driven machine learning based anomaly detection concept for single event and algorithm.
Databáze:	OpenAIRE
Externí odkaz:	https://explore.openaire.eu/search/publication?articleId=doi_dedup___::394a6660b3f0baf19bd2f9e279eb7931 https://doi.org/10.1007/978-3-319-17127-2_1 Zobrazit plný text záznamu