Profiling communications in industrial ip networks: Model complexity and anomaly detection

Mustafa Amir Faisal; Alvaro A. Cardenas; Avishai Wool

doi:10.1007/978-3-030-12330-7_7

Profiling communications in industrial ip networks: Model complexity and anomaly detection

Mustafa Amir Faisal, Alvaro A. Cardenas^*, Avishai Wool

^*Corresponding author for this work

School of Electrical Engineering

Research output: Chapter in Book/Report/Conference proceeding › Chapter › peer-review

10 Scopus citations

Abstract

Profiling communication patterns between devices in the Industrial Internet of Things (IIoT) ecosystems is important for deploying security measures like detecting anomalies and potential cyber-attacks. In this chapter we perform deep-packet inspection of various industrial protocols to generate models of communications between pairs of IIoT devices; in particular, we use discrete-time Markov chain models applied to four different industrial networks: (1) an electrical substation, (2) a small-scale water testbed, (3) a large-scale water treatment facility, and (4) an energy management system of a university campus. These datasets represent a variety of modern industrial protocols communicating over IP-compatible networks, including EtherNet/IP (Ethernet/Industrial Protocol), DNP3 (Distributed Network Protocol), and Modbus/TCP (Transmission Control Protocol).

Original language	English
Title of host publication	Advanced Sciences and Technologies for Security Applications
Publisher	Springer
Pages	139-160
Number of pages	22
DOIs	https://doi.org/10.1007/978-3-030-12330-7_7
State	Published - 2019

Publication series

Name	Advanced Sciences and Technologies for Security Applications
ISSN (Print)	1613-5113
ISSN (Electronic)	2363-9466

Funding

Funders	Funder number
United States National Science Foundation
National Science Foundation	1718848
Sigma Theta Tau International
United States-Israel Binational Science Foundation

Keywords

Anomaly detection
DTMC
IIoT
Modeling

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Access to Document

10.1007/978-3-030-12330-7_7

Cite this

@inbook{f3cbfae443644a989159da501d31311a,

title = "Profiling communications in industrial ip networks: Model complexity and anomaly detection",

abstract = "Profiling communication patterns between devices in the Industrial Internet of Things (IIoT) ecosystems is important for deploying security measures like detecting anomalies and potential cyber-attacks. In this chapter we perform deep-packet inspection of various industrial protocols to generate models of communications between pairs of IIoT devices; in particular, we use discrete-time Markov chain models applied to four different industrial networks: (1) an electrical substation, (2) a small-scale water testbed, (3) a large-scale water treatment facility, and (4) an energy management system of a university campus. These datasets represent a variety of modern industrial protocols communicating over IP-compatible networks, including EtherNet/IP (Ethernet/Industrial Protocol), DNP3 (Distributed Network Protocol), and Modbus/TCP (Transmission Control Protocol).",

keywords = "Anomaly detection, DTMC, IIoT, Modeling",

author = "Faisal, \{Mustafa Amir\} and Cardenas, \{Alvaro A.\} and Avishai Wool",

note = "Publisher Copyright: {\textcopyright} Springer Nature Switzerland AG 2019.",

year = "2019",

doi = "10.1007/978-3-030-12330-7\_7",

language = "אנגלית",

series = "Advanced Sciences and Technologies for Security Applications",

publisher = "Springer",

pages = "139--160",

booktitle = "Advanced Sciences and Technologies for Security Applications",

}

Profiling communications in industrial ip networks: Model complexity and anomaly detection. / Faisal, Mustafa Amir; Cardenas, Alvaro A.; Wool, Avishai.
Advanced Sciences and Technologies for Security Applications. Springer, 2019. p. 139-160 (Advanced Sciences and Technologies for Security Applications).

Research output: Chapter in Book/Report/Conference proceeding › Chapter › peer-review

TY - CHAP

T1 - Profiling communications in industrial ip networks

T2 - Model complexity and anomaly detection

AU - Faisal, Mustafa Amir

AU - Cardenas, Alvaro A.

AU - Wool, Avishai

PY - 2019

Y1 - 2019

N2 - Profiling communication patterns between devices in the Industrial Internet of Things (IIoT) ecosystems is important for deploying security measures like detecting anomalies and potential cyber-attacks. In this chapter we perform deep-packet inspection of various industrial protocols to generate models of communications between pairs of IIoT devices; in particular, we use discrete-time Markov chain models applied to four different industrial networks: (1) an electrical substation, (2) a small-scale water testbed, (3) a large-scale water treatment facility, and (4) an energy management system of a university campus. These datasets represent a variety of modern industrial protocols communicating over IP-compatible networks, including EtherNet/IP (Ethernet/Industrial Protocol), DNP3 (Distributed Network Protocol), and Modbus/TCP (Transmission Control Protocol).

AB - Profiling communication patterns between devices in the Industrial Internet of Things (IIoT) ecosystems is important for deploying security measures like detecting anomalies and potential cyber-attacks. In this chapter we perform deep-packet inspection of various industrial protocols to generate models of communications between pairs of IIoT devices; in particular, we use discrete-time Markov chain models applied to four different industrial networks: (1) an electrical substation, (2) a small-scale water testbed, (3) a large-scale water treatment facility, and (4) an energy management system of a university campus. These datasets represent a variety of modern industrial protocols communicating over IP-compatible networks, including EtherNet/IP (Ethernet/Industrial Protocol), DNP3 (Distributed Network Protocol), and Modbus/TCP (Transmission Control Protocol).

KW - Anomaly detection

KW - DTMC

KW - IIoT

KW - Modeling

UR - http://www.scopus.com/inward/record.url?scp=85075810444&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-12330-7_7

DO - 10.1007/978-3-030-12330-7_7

M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.chapter???

AN - SCOPUS:85075810444

T3 - Advanced Sciences and Technologies for Security Applications

SP - 139

EP - 160

BT - Advanced Sciences and Technologies for Security Applications

PB - Springer

ER -

Profiling communications in industrial ip networks: Model complexity and anomaly detection

Abstract

Publication series

Funding

Keywords

UN SDGs

Access to Document

Other files and links

Fingerprint

Cite this