Detecting anomalies in printed intelligence factory network

Matti Mantere, Mirko Sailio, Sami Noponen

    Research output: Chapter in Book/Report/Conference proceeding; Conference article in proceedings; Scientific; peer-reviewed

    Abstract

    Network security monitoring in ICS, or SCADA, networks provides opportunities and corresponding challenges. Anomaly detection using machine learning has traditionally performed sub-optimally when brought out of laboratory environments and into more open networks. We have proposed using machine learning for anomaly detection in ICS networks when certain prerequisites, e.g. predictability, are met. Results are reported for the validation of a previously introduced ML module for the Bro NSM using captures from an operational ICS network. The number of false positives and the detection capability are reported on. Parts of the packet capture files used include reconnaissance activity. The results point to adequate initial capability. The system is functional, usable and ready for further development. The easily modified and configured module represents a proof-of-concept implementation of the introduced event-driven, machine-learning-based anomaly detection concept for a single event and algorithm.
    Original language: English
    Title of host publication: Risks and Security of Internet and Systems
    Subtitle of host publication: CRiSIS 2014
    Publisher: Springer
    Pages: 1-16
    ISBN (Electronic): 978-3-319-17127-2
    ISBN (Print): 978-3-319-17126-5
    DOIs: 10.1007/978-3-319-17127-2_1
    Publication status: Published - 28 Apr 2015
    MoE publication type: A4 Article in a conference publication
    Event: 9th International Conference on Risks and Security of Internet and Systems, CRiSIS 2014 - Trento, Italy
    Duration: 27 Aug 2015 to 29 Aug 2015
    Conference number: 9

    Publication series

    Series: Lecture Notes in Computer Science
    Volume: 8924
    ISSN: 0302-9743

    Conference

    Conference: 9th International Conference on Risks and Security of Internet and Systems, CRiSIS 2014
    Abbreviated title: CRiSIS 2014
    Country: Italy
    City: Trento
    Period: 27/08/15 to 29/08/15

    Keywords

    • anomaly detection
    • cybersecurity
    • ICS network
    • machine learning
    • network security monitoring
    • SCADA network

    Cite this

    Mantere, M., Sailio, M., & Noponen, S. (2015). Detecting anomalies in printed intelligence factory network. In Risks and Security of Internet and Systems: CRiSIS 2014 (pp. 1-16). Springer. Lecture Notes in Computer Science, Vol. 8924. https://doi.org/10.1007/978-3-319-17127-2_1