Simplified Method for Fast and Efficient Incident Detection in Industrial Networks

Title: Simplified Method for Fast and Efficient Incident Detection in Industrial Networks
Publication Type: Conference Paper
Year of Publication: 2020
Authors: Kuchar, K., Fujdiak, R., Blazek, P., Martinasek, Z., Holasova, E.
Conference Name: 2020 4th Cyber Security in Networking Conference (CSNet)
Date Published: Oct. 2020
Publisher: IEEE
ISBN Number: 978-0-7381-4292-0
Keywords: anomaly detection, computer network security, digital signatures, distributed network protocol 3, DNP3 protocol, DoS Attack Detection, efficient incident detection, fast incident detection, ICs, ICS Anomaly Detection, identified anomaly recognition, identified signature recognition, IDS, IDS system Zeek, industrial Modbus protocol, industrial network, intrusion detection system, machine learning, Modbus protocol, network traffic, Protocols, pubcrawl, resilience, Resiliency, Scalability, security, security incident detection, simplified method, Standards, telecommunication traffic, Testing
Abstract

This article is focused on industrial networks and their security. An industrial network typically works with older devices that do not provide security at the level of today's requirements. Even protocols often do not support security at a sufficient level. It is necessary to deal with these security issues due to digitization. It is therefore required to provide other techniques that will help with security. For this reason, it is possible to deploy additional elements that will provide additional security and ensure the monitoring of the network, such as the Intrusion Detection System. These systems recognize identified signatures and anomalies. Methods of detecting security incidents by detecting anomalies in network traffic are described. The proposed methods are focused on detecting DoS attacks in the industrial Modbus protocol and operations performed outside the standard interval in the Distributed Network Protocol 3. The functionality of the performed methods is tested in the IDS system Zeek.

URL: https://ieeexplore.ieee.org/abstract/document/9265536
DOI: 10.1109/CSNet50428.2020.9265536
Citation Key: kuchar_simplified_2020