Abstract
Network security monitoring using machine learning algorithms is a topic that has been well researched and found to be difficult to use in practice. We propose a specific approach for restricted IP network environments that leverages network state information together with information from individual connections to achieve an increased level of sensitivity. The approach is meant for restricted IP networks, which exhibit a level of determinism that enables the use of a machine learning approach. In this work we use an algorithm called Self-Organizing Maps (SOM). We introduce an implementation of a self-organizing map engine built on top of the Bro network security monitor. An implemented selection of initial features for the Self-Organizing Maps is provided, and a sample subset is used to train a SOM lattice on network data from an industrial control system environment. The anomaly detection prototype described in this paper is meant as a complementary mechanism, not a standalone solution for network security monitoring.
| Field | Value |
|---|---|
| Original language | English |
| Title of host publication | Proceedings of the 3rd International Conference on High Confidence Networked Systems, HiCoNS '14 |
| Publisher | Association for Computing Machinery (ACM) |
| Pages | 49-56 |
| ISBN (Print) | 978-1-4503-2652-0 |
| DOIs | |
| Publication status | Published - 2014 |
| MoE publication type | A4 Article in a conference publication |
| Event | 3rd International Conference on High Confidence Networked Systems, HiCoNS 2014, Berlin, Germany; Duration: 15 Apr 2014 → 17 Apr 2014 |
Conference
| Field | Value |
|---|---|
| Conference | 3rd International Conference on High Confidence Networked Systems, HiCoNS 2014 |
| Abbreviated title | HiCoNS 2014 |
| Country/Territory | Germany |
| City | Berlin |
| Period | 15/04/14 → 17/04/14 |
Keywords
- Cyber security
- anomaly detection
- network security
- SCADA security
- ICS security