
Network Traffic Features for Anomaly Detection in Specific Industrial Control System Network

Author

Listed:
  • Matti Mantere

    (VTT Technical Research Centre of Finland, Kaitovayla 1, Oulu 90571, Finland)

  • Mirko Sailio

    (VTT Technical Research Centre of Finland, Kaitovayla 1, Oulu 90571, Finland)

  • Sami Noponen

    (VTT Technical Research Centre of Finland, Kaitovayla 1, Oulu 90571, Finland)

Abstract

The deterministic and restricted nature of industrial control system networks sets them apart from more open networks, such as local area networks in office environments. This improves the usability of network security monitoring approaches that would be less feasible in more open environments. One such approach is machine learning based anomaly detection. Without proper customization for the special requirements of the industrial control system network environment, many existing anomaly or misuse detection systems will perform sub-optimally. A machine learning based approach could reduce the amount of manual customization required for different industrial control system networks. In this paper we analyze a possible set of features to be used in a machine learning based anomaly detection system in the real world industrial control system network environment under investigation. The network under investigation is represented by architectural drawing and results derived from network trace analysis. The network trace is captured from a live running industrial process control network and includes both control data and the data flowing between the control network and the office network. We limit the investigation to the IP traffic in the traces.

Suggested Citation

  • Matti Mantere & Mirko Sailio & Sami Noponen, 2013. "Network Traffic Features for Anomaly Detection in Specific Industrial Control System Network," Future Internet, MDPI, vol. 5(4), pages 1-14, September.
  • Handle: RePEc:gam:jftint:v:5:y:2013:i:4:p:460-473:d:29083

    Download full text from publisher

    File URL: https://www.mdpi.com/1999-5903/5/4/460/pdf
    Download Restriction: no

    File URL: https://www.mdpi.com/1999-5903/5/4/460/
    Download Restriction: no

    Citations



    Cited by:

    1. Lahza, Hassan & Radke, Kenneth & Foo, Ernest, 2018. "Applying domain-specific knowledge to construct features for detecting distributed denial-of-service attacks on the GOOSE and MMS protocols," International Journal of Critical Infrastructure Protection, Elsevier, vol. 20(C), pages 48-67.
    2. Marcio Andrey Teixeira & Tara Salman & Maede Zolanvari & Raj Jain & Nader Meskin & Mohammed Samaka, 2018. "SCADA System Testbed for Cybersecurity Research Using Machine Learning Approach," Future Internet, MDPI, vol. 10(8), pages 1-15, August.
    3. Umer, Muhammad Azmi & Junejo, Khurum Nazir & Jilani, Muhammad Taha & Mathur, Aditya P., 2022. "Machine learning for intrusion detection in industrial control systems: Applications, challenges, and recommendations," International Journal of Critical Infrastructure Protection, Elsevier, vol. 38(C).
