Profiling communications in industrial ip networks: Model complexity and anomaly detection

Mustafa Amir Faisal, Alvaro A. Cardenas*, Avishai Wool

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingChapterpeer-review

Abstract

Profiling communication patterns between devices in the Industrial Internet of Things (IIoT) ecosystems is important for deploying security measures like detecting anomalies and potential cyber-attacks. In this chapter we perform deep-packet inspection of various industrial protocols to generate models of communications between pairs of IIoT devices; in particular, we use discrete-time Markov chain models applied to four different industrial networks: (1) an electrical substation, (2) a small-scale water testbed, (3) a large-scale water treatment facility, and (4) an energy management system of a university campus. These datasets represent a variety of modern industrial protocols communicating over IP-compatible networks, including EtherNet/IP (Ethernet/Industrial Protocol), DNP3 (Distributed Network Protocol), and Modbus/TCP (Transmission Control Protocol).

Original languageEnglish
Title of host publicationAdvanced Sciences and Technologies for Security Applications
PublisherSpringer
Pages139-160
Number of pages22
DOIs
StatePublished - 2019

Publication series

NameAdvanced Sciences and Technologies for Security Applications
ISSN (Print)1613-5113
ISSN (Electronic)2363-9466

Keywords

  • Anomaly detection
  • DTMC
  • IIoT
  • Modeling

Fingerprint

Dive into the research topics of 'Profiling communications in industrial ip networks: Model complexity and anomaly detection'. Together they form a unique fingerprint.

Cite this