Detecting anomalies in printed intelligence factory network

Matti Mantere, Mirko Sailio, Sami Noponen

    Research output: Chapter in Book/Report/Conference proceedingConference article in proceedingsScientificpeer-review

    Abstract

    Network security monitoring in ICS, or SCADA, networks provides opportunities and corresponding challenges. Anomaly detection using machine learning has traditionally performed sub-optimally when brought out of the laboratory environments and into more open networks. We have proposed using machine learning for anomaly detection in ICS networks when certain prerequisites are met, e.g. predictability. Results are reported for validation of a previously introduced ML module for Bro NSM using captures from an operational ICS network. The number of false positives and the detection capability are reported on. Parts of the used packet capture files include reconnaissance activity. The results point to adequate initial capability. The system is functional, usable and ready for further development. Easily modified and configured module represents a proof-of-concept implementation of introduced event-driven machine learning based anomaly detection concept for single event and algorithm.
    Original languageEnglish
    Title of host publicationRisks and Security of Internet and Systems
    Subtitle of host publicationCRiSIS 2014
    PublisherSpringer
    Pages1-16
    ISBN (Electronic)978-3-319-17127-2
    ISBN (Print)978-3-319-17126-5
    DOIs
    Publication statusPublished - 28 Apr 2015
    MoE publication typeA4 Article in a conference publication
    Event9th International Conference on Risks and Security of Internet and Systems, CRiSIS 2014 - Trento, Italy
    Duration: 27 Aug 201529 Aug 2015
    Conference number: 9

    Publication series

    SeriesLecture Notes in Computer Science
    Volume8924
    ISSN0302-9743

    Conference

    Conference9th International Conference on Risks and Security of Internet and Systems, CRiSIS 2014
    Abbreviated titleCRiSIS 2014
    CountryItaly
    CityTrento
    Period27/08/1529/08/15

    Keywords

    • anomaly detection
    • cybersecurity
    • ICS network
    • machine learning
    • network security monitoring
    • SCADA network

    Fingerprint Dive into the research topics of 'Detecting anomalies in printed intelligence factory network'. Together they form a unique fingerprint.

  • Cite this

    Mantere, M., Sailio, M., & Noponen, S. (2015). Detecting anomalies in printed intelligence factory network. In Risks and Security of Internet and Systems: CRiSIS 2014 (pp. 1-16). Springer. Lecture Notes in Computer Science, Vol.. 8924 https://doi.org/10.1007/978-3-319-17127-2_1