Simplified Method for Fast and Efficient Incident Detection in Industrial Networks
Title | Simplified Method for Fast and Efficient Incident Detection in Industrial Networks |
Publication Type | Conference Paper |
Year of Publication | 2020 |
Authors | Kuchar, K., Fujdiak, R., Blazek, P., Martinasek, Z., Holasova, E. |
Conference Name | 2020 4th Cyber Security in Networking Conference (CSNet) |
Date Published | Oct. 2020 |
Publisher | IEEE |
ISBN Number | 978-0-7381-4292-0 |
Keywords | anomaly detection, computer network security, digital signatures, distributed network protocol 3, DNP3 protocol, DoS Attack Detection, efficient incident detection, fast incident detection, ICs, ICS Anomaly Detection, identified anomaly recognition, identified signature recognition, IDS, IDS system Zeek, industrial Modbus protocol, industrial network, intrusion detection system, machine learning, Modbus protocol, network traffic, Protocols, pubcrawl, resilience, Resiliency, Scalability, security, security incident detection, simplified method, Standards, telecommunication traffic, Testing |
Abstract | This article is focused on industrial networks and their security. An industrial network typically works with older devices that do not provide security at the level of today's requirements. Even protocols often do not support security at a sufficient level. It is necessary to deal with these security issues due to digitization. It is therefore required to provide other techniques that will help with security. For this reason, it is possible to deploy additional elements that will provide additional security and ensure the monitoring of the network, such as the Intrusion Detection System. These systems recognize identified signatures and anomalies. Methods of detecting security incidents by detecting anomalies in network traffic are described. The proposed methods are focused on detecting DoS attacks in the industrial Modbus protocol and operations performed outside the standard interval in the Distributed Network Protocol 3. The functionality of the performed methods is tested in the IDS system Zeek. |
URL | https://ieeexplore.ieee.org/abstract/document/9265536 |
DOI | 10.1109/CSNet50428.2020.9265536 |
Citation Key | kuchar_simplified_2020 |