Feature selection for machine learning based anomaly detection in industrial control system networks

Matti Mantere, Mirko Sailio, Sami Noponen

    Research output: Chapter in Book/Report/Conference proceedingConference article in proceedingsScientificpeer-review

    7 Citations (Scopus)

    Abstract

    The nature of the traffic in industrial control system network is markedly different from more open networks. Industrial control system networks should be far more restricted in what types of traffic diversity is present. This enables the usage of approaches that are currently not as feasible in open environments, such as machine learning based anomaly detection. Without proper customization for the special requirements of industrial control system network environment many existing anomaly or misuse detection systems will perform sub-optimally. Machine learning based approach would reduce the amount of manual customization required for different restricted network environments of which an industrial control system network is an good example of. In this paper we present an initial analysis of data received from a ethernet network of a live running industrial site. This includes both control data and the data flowing between the control network and the office network. A set of possible features to be used for detecting anomalies is studied for this environment.
    Original languageEnglish
    Title of host publicationProceedings
    Subtitle of host publicationIEEE International Conference on Green Computing and Communications, Conference on Internet of Things, and Conference on Cyber, Physical and Social Computing GreenCom 2012
    PublisherIEEE Institute of Electrical and Electronic Engineers
    Pages771-774
    ISBN (Electronic)978-0-7695-4865-4
    ISBN (Print)978-1-4673-5146-1
    DOIs
    Publication statusPublished - 2012
    MoE publication typeNot Eligible
    EventIEEE International Conference on Green Computing and Communications, Conference on Internet of Things, and Conference on Cyber, Physical and Social Computing GreenCom 2012 - Besancon, France
    Duration: 20 Nov 201223 Nov 2012

    Conference

    ConferenceIEEE International Conference on Green Computing and Communications, Conference on Internet of Things, and Conference on Cyber, Physical and Social Computing GreenCom 2012
    Abbreviated titleGreenCom 2012
    CountryFrance
    CityBesancon
    Period20/11/1223/11/12

    Fingerprint Dive into the research topics of 'Feature selection for machine learning based anomaly detection in industrial control system networks'. Together they form a unique fingerprint.

  • Cite this

    Mantere, M., Sailio, M., & Noponen, S. (2012). Feature selection for machine learning based anomaly detection in industrial control system networks. In Proceedings: IEEE International Conference on Green Computing and Communications, Conference on Internet of Things, and Conference on Cyber, Physical and Social Computing GreenCom 2012 (pp. 771-774). IEEE Institute of Electrical and Electronic Engineers. https://doi.org/10.1109/GreenCom.2012.127