Detecting anomalies in printed intelligence factory network

Matti Mantere; Mirko Sailio; Sami Noponen

doi:10.1007/978-3-319-17127-2_1

Detecting anomalies in printed intelligence factory network

Matti Mantere, Mirko Sailio, Sami Noponen

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

1 Citation (Scopus)

Abstract

Network security monitoring in ICS, or SCADA, networks provides opportunities and corresponding challenges. Anomaly detection using machine learning has traditionally performed sub-optimally when brought out of the laboratory environments and into more open networks. We have proposed using machine learning for anomaly detection in ICS networks when certain prerequisites are met, e.g. predictability. Results are reported for validation of a previously introduced ML module for Bro NSM using captures from an operational ICS network. The number of false positives and the detection capability are reported on. Parts of the used packet capture files include reconnaissance activity. The results point to adequate initial capability. The system is functional, usable and ready for further development. Easily modified and configured module represents a proof-of-concept implementation of introduced event-driven machine learning based anomaly detection concept for single event and algorithm.

Original language	English
Title of host publication	Risks and Security of Internet and Systems
Subtitle of host publication	CRiSIS 2014
Publisher	Springer
Pages	1-16
ISBN (Electronic)	978-3-319-17127-2
ISBN (Print)	978-3-319-17126-5
DOIs	https://doi.org/10.1007/978-3-319-17127-2_1
Publication status	Published - 28 Apr 2015
MoE publication type	A4 Article in a conference publication
Event	9th International Conference on Risks and Security of Internet and Systems, CRiSIS 2014 - Trento, Italy Duration: 27 Aug 2015 → 29 Aug 2015 Conference number: 9

Publication series

Series	Lecture Notes in Computer Science
Volume	8924
ISSN	0302-9743

Conference

Conference	9th International Conference on Risks and Security of Internet and Systems, CRiSIS 2014
Abbreviated title	CRiSIS 2014
Country/Territory	Italy
City	Trento
Period	27/08/15 → 29/08/15

Keywords

anomaly detection
cybersecurity
ICS network
machine learning
network security monitoring
SCADA network

Access to Document

10.1007/978-3-319-17127-2_1

Cite this

@inproceedings{7ecc3bacc235493d97640366c8120e24,

title = "Detecting anomalies in printed intelligence factory network",

abstract = "Network security monitoring in ICS, or SCADA, networks provides opportunities and corresponding challenges. Anomaly detection using machine learning has traditionally performed sub-optimally when brought out of the laboratory environments and into more open networks. We have proposed using machine learning for anomaly detection in ICS networks when certain prerequisites are met, e.g. predictability. Results are reported for validation of a previously introduced ML module for Bro NSM using captures from an operational ICS network. The number of false positives and the detection capability are reported on. Parts of the used packet capture files include reconnaissance activity. The results point to adequate initial capability. The system is functional, usable and ready for further development. Easily modified and configured module represents a proof-of-concept implementation of introduced event-driven machine learning based anomaly detection concept for single event and algorithm.",

keywords = "anomaly detection, cybersecurity, ICS network, machine learning, network security monitoring, SCADA network",

author = "Matti Mantere and Mirko Sailio and Sami Noponen",

year = "2015",

month = apr,

day = "28",

doi = "10.1007/978-3-319-17127-2_1",

language = "English",

isbn = "978-3-319-17126-5",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "1--16",

booktitle = "Risks and Security of Internet and Systems",

address = "Germany",

note = "9th International Conference on Risks and Security of Internet and Systems, CRiSIS 2014, CRiSIS 2014 ; Conference date: 27-08-2015 Through 29-08-2015",

}

Mantere, M, Sailio, M & Noponen, S 2015, Detecting anomalies in printed intelligence factory network. in Risks and Security of Internet and Systems: CRiSIS 2014. Springer, Lecture Notes in Computer Science, vol. 8924, pp. 1-16, 9th International Conference on Risks and Security of Internet and Systems, CRiSIS 2014, Trento, Italy, 27/08/15. https://doi.org/10.1007/978-3-319-17127-2_1

TY - GEN

T1 - Detecting anomalies in printed intelligence factory network

AU - Mantere, Matti

AU - Sailio, Mirko

AU - Noponen, Sami

N1 - Conference code: 9

PY - 2015/4/28

Y1 - 2015/4/28

N2 - Network security monitoring in ICS, or SCADA, networks provides opportunities and corresponding challenges. Anomaly detection using machine learning has traditionally performed sub-optimally when brought out of the laboratory environments and into more open networks. We have proposed using machine learning for anomaly detection in ICS networks when certain prerequisites are met, e.g. predictability. Results are reported for validation of a previously introduced ML module for Bro NSM using captures from an operational ICS network. The number of false positives and the detection capability are reported on. Parts of the used packet capture files include reconnaissance activity. The results point to adequate initial capability. The system is functional, usable and ready for further development. Easily modified and configured module represents a proof-of-concept implementation of introduced event-driven machine learning based anomaly detection concept for single event and algorithm.

AB - Network security monitoring in ICS, or SCADA, networks provides opportunities and corresponding challenges. Anomaly detection using machine learning has traditionally performed sub-optimally when brought out of the laboratory environments and into more open networks. We have proposed using machine learning for anomaly detection in ICS networks when certain prerequisites are met, e.g. predictability. Results are reported for validation of a previously introduced ML module for Bro NSM using captures from an operational ICS network. The number of false positives and the detection capability are reported on. Parts of the used packet capture files include reconnaissance activity. The results point to adequate initial capability. The system is functional, usable and ready for further development. Easily modified and configured module represents a proof-of-concept implementation of introduced event-driven machine learning based anomaly detection concept for single event and algorithm.

KW - anomaly detection

KW - cybersecurity

KW - ICS network

KW - machine learning

KW - network security monitoring

KW - SCADA network

U2 - 10.1007/978-3-319-17127-2_1

DO - 10.1007/978-3-319-17127-2_1

M3 - Conference article in proceedings

SN - 978-3-319-17126-5

T3 - Lecture Notes in Computer Science

SP - 1

EP - 16

BT - Risks and Security of Internet and Systems

PB - Springer

T2 - 9th International Conference on Risks and Security of Internet and Systems, CRiSIS 2014

Y2 - 27 August 2015 through 29 August 2015

ER -

Detecting anomalies in printed intelligence factory network

Abstract

Publication series

Conference

Keywords

Access to Document

Fingerprint

Cite this