Abstract

The deterministic and restricted nature of industrial control system networks sets them apart from more open networks, such as local area networks in office environments. This improves the usability of network security monitoring approaches that would be less feasible in more open environments. One such approach is machine-learning-based anomaly detection. Without proper customization for the special requirements of the industrial control system network environment, many existing anomaly or misuse detection systems will perform sub-optimally. A machine-learning-based approach could reduce the amount of manual customization required for different industrial control system networks. In this paper we analyze a possible set of features to be used in a machine-learning-based anomaly detection system in the real-world industrial control system network environment under investigation. The network under investigation is represented by an architectural drawing and results derived from network trace analysis. The network trace is captured from a live running industrial process control network and includes both control data and the data flowing between the control network and the office network. We limit the investigation to the IP traffic in the traces.

Summary

Introduction

Acquiring a commercial off-the-shelf (COTS) intrusion detection system (IDS) or network security monitor (NSM) set-up and placing it in an arbitrary location in an industrial control system (ICS) network is a straightforward task in itself. Device manufacturers and service providers increasingly require remote connections to more of the devices in the field, and industrial automation is slowly merging into the Internet of Things. ICS network environments are still very isolated compared to a traditional ICT organization's networks. Internet connections in ICS environments should be managed and monitored carefully. In the paper [2] we discussed the applicability of the machine learning approach to decrease the amount of manual customization required for deploying NSM systems or IDSs in an ICS network.
