Feature selection for machine learning based anomaly detection in industrial control system networks

Matti Mantere; Mirko Sailio; Sami Noponen

doi:10.1109/GreenCom.2012.127

Feature selection for machine learning based anomaly detection in industrial control system networks

Matti Mantere, Mirko Sailio, Sami Noponen

BA1508 Cyber security

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

6 Citations (Scopus)

Abstract

The nature of the traffic in industrial control system network is markedly different from more open networks. Industrial control system networks should be far more restricted in what types of traffic diversity is present. This enables the usage of approaches that are currently not as feasible in open environments, such as machine learning based anomaly detection. Without proper customization for the special requirements of industrial control system network environment many existing anomaly or misuse detection systems will perform sub-optimally. Machine learning based approach would reduce the amount of manual customization required for different restricted network environments of which an industrial control system network is an good example of. In this paper we present an initial analysis of data received from a ethernet network of a live running industrial site. This includes both control data and the data flowing between the control network and the office network. A set of possible features to be used for detecting anomalies is studied for this environment.

Original language	English
Title of host publication	Proceedings
Subtitle of host publication	IEEE International Conference on Green Computing and Communications, Conference on Internet of Things, and Conference on Cyber, Physical and Social Computing GreenCom 2012
Publisher	Institute of Electrical and Electronic Engineers IEEE
Pages	771-774
ISBN (Electronic)	978-0-7695-4865-4
ISBN (Print)	978-1-4673-5146-1
DOIs	https://doi.org/10.1109/GreenCom.2012.127
Publication status	Published - 2012
MoE publication type	Not Eligible
Event	IEEE International Conference on Green Computing and Communications, Conference on Internet of Things, and Conference on Cyber, Physical and Social Computing GreenCom 2012 - Besancon, France Duration: 20 Nov 2012 → 23 Nov 2012

Conference

Conference	IEEE International Conference on Green Computing and Communications, Conference on Internet of Things, and Conference on Cyber, Physical and Social Computing GreenCom 2012
Abbreviated title	GreenCom 2012
Country	France
City	Besancon
Period	20/11/12 → 23/11/12

Fingerprint

Learning systems

Feature extraction

Control systems

Ethernet

Cite this

Mantere, M., Sailio, M., & Noponen, S. (2012). Feature selection for machine learning based anomaly detection in industrial control system networks. In Proceedings: IEEE International Conference on Green Computing and Communications, Conference on Internet of Things, and Conference on Cyber, Physical and Social Computing GreenCom 2012 (pp. 771-774). Institute of Electrical and Electronic Engineers IEEE. https://doi.org/10.1109/GreenCom.2012.127

Mantere, Matti ; Sailio, Mirko ; Noponen, Sami. / Feature selection for machine learning based anomaly detection in industrial control system networks. Proceedings: IEEE International Conference on Green Computing and Communications, Conference on Internet of Things, and Conference on Cyber, Physical and Social Computing GreenCom 2012. Institute of Electrical and Electronic Engineers IEEE, 2012. pp. 771-774

@inproceedings{819535f7519d4fb896f0300ababbdb89,

title = "Feature selection for machine learning based anomaly detection in industrial control system networks",

abstract = "The nature of the traffic in industrial control system network is markedly different from more open networks. Industrial control system networks should be far more restricted in what types of traffic diversity is present. This enables the usage of approaches that are currently not as feasible in open environments, such as machine learning based anomaly detection. Without proper customization for the special requirements of industrial control system network environment many existing anomaly or misuse detection systems will perform sub-optimally. Machine learning based approach would reduce the amount of manual customization required for different restricted network environments of which an industrial control system network is an good example of. In this paper we present an initial analysis of data received from a ethernet network of a live running industrial site. This includes both control data and the data flowing between the control network and the office network. A set of possible features to be used for detecting anomalies is studied for this environment.",

author = "Matti Mantere and Mirko Sailio and Sami Noponen",

year = "2012",

doi = "10.1109/GreenCom.2012.127",

language = "English",

isbn = "978-1-4673-5146-1",

pages = "771--774",

booktitle = "Proceedings",

publisher = "Institute of Electrical and Electronic Engineers IEEE",

address = "United States",

}

Mantere, M, Sailio, M & Noponen, S 2012, Feature selection for machine learning based anomaly detection in industrial control system networks. in Proceedings: IEEE International Conference on Green Computing and Communications, Conference on Internet of Things, and Conference on Cyber, Physical and Social Computing GreenCom 2012. Institute of Electrical and Electronic Engineers IEEE, pp. 771-774, IEEE International Conference on Green Computing and Communications, Conference on Internet of Things, and Conference on Cyber, Physical and Social Computing GreenCom 2012, Besancon, France, 20/11/12. https://doi.org/10.1109/GreenCom.2012.127

Feature selection for machine learning based anomaly detection in industrial control system networks. / Mantere, Matti; Sailio, Mirko ; Noponen, Sami.

Proceedings: IEEE International Conference on Green Computing and Communications, Conference on Internet of Things, and Conference on Cyber, Physical and Social Computing GreenCom 2012. Institute of Electrical and Electronic Engineers IEEE, 2012. p. 771-774.

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

TY - GEN

T1 - Feature selection for machine learning based anomaly detection in industrial control system networks

AU - Mantere, Matti

AU - Sailio, Mirko

AU - Noponen, Sami

PY - 2012

Y1 - 2012

N2 - The nature of the traffic in industrial control system network is markedly different from more open networks. Industrial control system networks should be far more restricted in what types of traffic diversity is present. This enables the usage of approaches that are currently not as feasible in open environments, such as machine learning based anomaly detection. Without proper customization for the special requirements of industrial control system network environment many existing anomaly or misuse detection systems will perform sub-optimally. Machine learning based approach would reduce the amount of manual customization required for different restricted network environments of which an industrial control system network is an good example of. In this paper we present an initial analysis of data received from a ethernet network of a live running industrial site. This includes both control data and the data flowing between the control network and the office network. A set of possible features to be used for detecting anomalies is studied for this environment.

AB - The nature of the traffic in industrial control system network is markedly different from more open networks. Industrial control system networks should be far more restricted in what types of traffic diversity is present. This enables the usage of approaches that are currently not as feasible in open environments, such as machine learning based anomaly detection. Without proper customization for the special requirements of industrial control system network environment many existing anomaly or misuse detection systems will perform sub-optimally. Machine learning based approach would reduce the amount of manual customization required for different restricted network environments of which an industrial control system network is an good example of. In this paper we present an initial analysis of data received from a ethernet network of a live running industrial site. This includes both control data and the data flowing between the control network and the office network. A set of possible features to be used for detecting anomalies is studied for this environment.

U2 - 10.1109/GreenCom.2012.127

DO - 10.1109/GreenCom.2012.127

M3 - Conference article in proceedings

SN - 978-1-4673-5146-1

SP - 771

EP - 774

BT - Proceedings

PB - Institute of Electrical and Electronic Engineers IEEE

ER -

Mantere M, Sailio M , Noponen S. Feature selection for machine learning based anomaly detection in industrial control system networks. In Proceedings: IEEE International Conference on Green Computing and Communications, Conference on Internet of Things, and Conference on Cyber, Physical and Social Computing GreenCom 2012. Institute of Electrical and Electronic Engineers IEEE. 2012. p. 771-774 https://doi.org/10.1109/GreenCom.2012.127

Access to Document

10.1109/GreenCom.2012.127