Profiling communications in industrial ip networks: Model complexity and anomaly detection

Mustafa Amir Faisal; Alvaro A. Cardenas; Avishai Wool

doi:10.1007/978-3-030-12330-7_7

Profiling communications in industrial ip networks: Model complexity and anomaly detection

Mustafa Amir Faisal, Alvaro A. Cardenas, Avishai Wool

School of Electrical Engineering

Tel Aviv University

Research output: Chapter in Book/Report/Conference proceeding › Chapter › peer-review

Abstract

Profiling communication patterns between devices in the Industrial Internet of Things (IIoT) ecosystems is important for deploying security measures like detecting anomalies and potential cyber-attacks. In this chapter we perform deep-packet inspection of various industrial protocols to generate models of communications between pairs of IIoT devices; in particular, we use discrete-time Markov chain models applied to four different industrial networks: (1) an electrical substation, (2) a small-scale water testbed, (3) a large-scale water treatment facility, and (4) an energy management system of a university campus. These datasets represent a variety of modern industrial protocols communicating over IP-compatible networks, including EtherNet/IP (Ethernet/Industrial Protocol), DNP3 (Distributed Network Protocol), and Modbus/TCP (Transmission Control Protocol).

Original language	English
Title of host publication	Advanced Sciences and Technologies for Security Applications
Pages	139-160
Number of pages	22
DOIs	https://doi.org/10.1007/978-3-030-12330-7_7
State	Published - 2019

Publication series

Name	Advanced Sciences and Technologies for Security Applications

Keywords

Anomaly detection
DTMC
IIoT
Modeling

All Science Journal Classification (ASJC) codes

Safety, Risk, Reliability and Quality
Safety Research
Political Science and International Relations
Computer Science Applications
Computer Networks and Communications
Health, Toxicology and Mutagenesis

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Access to Document

10.1007/978-3-030-12330-7_7

Cite this

@inbook{f92948e89929430f9dd3c33a83cbf5df,

title = "Profiling communications in industrial ip networks: Model complexity and anomaly detection",

abstract = "Profiling communication patterns between devices in the Industrial Internet of Things (IIoT) ecosystems is important for deploying security measures like detecting anomalies and potential cyber-attacks. In this chapter we perform deep-packet inspection of various industrial protocols to generate models of communications between pairs of IIoT devices; in particular, we use discrete-time Markov chain models applied to four different industrial networks: (1) an electrical substation, (2) a small-scale water testbed, (3) a large-scale water treatment facility, and (4) an energy management system of a university campus. These datasets represent a variety of modern industrial protocols communicating over IP-compatible networks, including EtherNet/IP (Ethernet/Industrial Protocol), DNP3 (Distributed Network Protocol), and Modbus/TCP (Transmission Control Protocol).",

keywords = "Anomaly detection, DTMC, IIoT, Modeling",

author = "Faisal, \{Mustafa Amir\} and Cardenas, \{Alvaro A.\} and Avishai Wool",

note = "Publisher Copyright: {\textcopyright} Springer Nature Switzerland AG 2019.",

year = "2019",

doi = "10.1007/978-3-030-12330-7\_7",

language = "الإنجليزيّة",

series = "Advanced Sciences and Technologies for Security Applications",

pages = "139--160",

booktitle = "Advanced Sciences and Technologies for Security Applications",

}

Profiling communications in industrial ip networks: Model complexity and anomaly detection. / Faisal, Mustafa Amir; Cardenas, Alvaro A.; Wool, Avishai.
Advanced Sciences and Technologies for Security Applications. 2019. p. 139-160 (Advanced Sciences and Technologies for Security Applications).

Research output: Chapter in Book/Report/Conference proceeding › Chapter › peer-review

TY - CHAP

T1 - Profiling communications in industrial ip networks

T2 - Model complexity and anomaly detection

AU - Faisal, Mustafa Amir

AU - Cardenas, Alvaro A.

AU - Wool, Avishai

PY - 2019

Y1 - 2019

N2 - Profiling communication patterns between devices in the Industrial Internet of Things (IIoT) ecosystems is important for deploying security measures like detecting anomalies and potential cyber-attacks. In this chapter we perform deep-packet inspection of various industrial protocols to generate models of communications between pairs of IIoT devices; in particular, we use discrete-time Markov chain models applied to four different industrial networks: (1) an electrical substation, (2) a small-scale water testbed, (3) a large-scale water treatment facility, and (4) an energy management system of a university campus. These datasets represent a variety of modern industrial protocols communicating over IP-compatible networks, including EtherNet/IP (Ethernet/Industrial Protocol), DNP3 (Distributed Network Protocol), and Modbus/TCP (Transmission Control Protocol).

AB - Profiling communication patterns between devices in the Industrial Internet of Things (IIoT) ecosystems is important for deploying security measures like detecting anomalies and potential cyber-attacks. In this chapter we perform deep-packet inspection of various industrial protocols to generate models of communications between pairs of IIoT devices; in particular, we use discrete-time Markov chain models applied to four different industrial networks: (1) an electrical substation, (2) a small-scale water testbed, (3) a large-scale water treatment facility, and (4) an energy management system of a university campus. These datasets represent a variety of modern industrial protocols communicating over IP-compatible networks, including EtherNet/IP (Ethernet/Industrial Protocol), DNP3 (Distributed Network Protocol), and Modbus/TCP (Transmission Control Protocol).

KW - Anomaly detection

KW - DTMC

KW - IIoT

KW - Modeling

UR - http://www.scopus.com/inward/record.url?scp=85075810444&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-12330-7_7

DO - 10.1007/978-3-030-12330-7_7

M3 - فصل

T3 - Advanced Sciences and Technologies for Security Applications

SP - 139

EP - 160

BT - Advanced Sciences and Technologies for Security Applications

ER -

Profiling communications in industrial ip networks: Model complexity and anomaly detection

Abstract

Publication series

Keywords

All Science Journal Classification (ASJC) codes

UN SDGs

Access to Document

Other files and links

Fingerprint

Cite this