Feature selection for machine learning based anomaly detection in industrial control system networks

Matti Mantere, Mirko Sailio, Sami Noponen

Research output: Chapter in Book/Report/Conference proceeding; Conference article in proceedings; Scientific; peer-review

6 Citations (Scopus)

Abstract

The nature of the traffic in an industrial control system network is markedly different from more open networks. Industrial control system networks should be far more restricted in what types of traffic diversity are present. This enables the usage of approaches that are currently not as feasible in open environments, such as machine learning based anomaly detection. Without proper customization for the special requirements of the industrial control system network environment, many existing anomaly or misuse detection systems will perform sub-optimally. A machine learning based approach would reduce the amount of manual customization required for different restricted network environments, of which an industrial control system network is a good example. In this paper we present an initial analysis of data received from an Ethernet network of a live running industrial site. This includes both control data and the data flowing between the control network and the office network. A set of possible features to be used for detecting anomalies is studied for this environment.

Original language: English
Title of host publication: Proceedings
Subtitle of host publication: IEEE International Conference on Green Computing and Communications, Conference on Internet of Things, and Conference on Cyber, Physical and Social Computing GreenCom 2012
Publisher: Institute of Electrical and Electronic Engineers IEEE
Pages: 771-774
ISBN (Electronic): 978-0-7695-4865-4
ISBN (Print): 978-1-4673-5146-1
DOIs: https://doi.org/10.1109/GreenCom.2012.127
Publication status: Published - 2012
MoE publication type: Not Eligible
Event: IEEE International Conference on Green Computing and Communications, Conference on Internet of Things, and Conference on Cyber, Physical and Social Computing GreenCom 2012 - Besancon, France
Duration: 20 Nov 2012 - 23 Nov 2012

Conference

Conference: IEEE International Conference on Green Computing and Communications, Conference on Internet of Things, and Conference on Cyber, Physical and Social Computing GreenCom 2012
Abbreviated title: GreenCom 2012
Country: France
City: Besancon
Period: 20/11/12 - 23/11/12

Fingerprint

Learning systems
Feature extraction
Control systems
Ethernet

Cite this

Mantere, M., Sailio, M., & Noponen, S. (2012). Feature selection for machine learning based anomaly detection in industrial control system networks. In Proceedings: IEEE International Conference on Green Computing and Communications, Conference on Internet of Things, and Conference on Cyber, Physical and Social Computing GreenCom 2012 (pp. 771-774). Institute of Electrical and Electronic Engineers IEEE. https://doi.org/10.1109/GreenCom.2012.127