Profiling communications in industrial ip networks: Model complexity and anomaly detection

Mustafa Amir Faisal, Alvaro A. Cardenas*, Avishai Wool

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingChapterpeer-review

8 Scopus citations


Profiling communication patterns between devices in the Industrial Internet of Things (IIoT) ecosystems is important for deploying security measures like detecting anomalies and potential cyber-attacks. In this chapter we perform deep-packet inspection of various industrial protocols to generate models of communications between pairs of IIoT devices; in particular, we use discrete-time Markov chain models applied to four different industrial networks: (1) an electrical substation, (2) a small-scale water testbed, (3) a large-scale water treatment facility, and (4) an energy management system of a university campus. These datasets represent a variety of modern industrial protocols communicating over IP-compatible networks, including EtherNet/IP (Ethernet/Industrial Protocol), DNP3 (Distributed Network Protocol), and Modbus/TCP (Transmission Control Protocol).

Original languageEnglish
Title of host publicationAdvanced Sciences and Technologies for Security Applications
Number of pages22
StatePublished - 2019

Publication series

NameAdvanced Sciences and Technologies for Security Applications
ISSN (Print)1613-5113
ISSN (Electronic)2363-9466


FundersFunder number
United States National Science Foundation
National Science Foundation1718848
Sigma Theta Tau International
United States-Israel Binational Science Foundation


    • Anomaly detection
    • DTMC
    • IIoT
    • Modeling


    Dive into the research topics of 'Profiling communications in industrial ip networks: Model complexity and anomaly detection'. Together they form a unique fingerprint.

    Cite this