Publication detail

Statistical Methods for Anomaly Detection in Industrial Communication

BURGETOVÁ, I. MATOUŠEK, P. MUTUA, N.

Original title

Statistical Methods for Anomaly Detection in Industrial Communication

Type

technical report

Language

English

Original abstract

This report focuses on the application of selected statistical methods to anomaly detection of ICS protocols deployed in smart grids, namely IEC 104, GOOSE and MMS. Industrial network stations are typically pre-configured hardware devices that operate in master-slave mode and exhibit stable and periodic communication patterns over a long time. Due to the stability of ICS communication, statistical models present a natural way for detection of common ICS anomalies. For probabilistic modeling of network behavior we employ the following statistical features: distribution of packet inter-arrival times, packet size, and packet direction. This report presents the results of our experiments with three statistical methods: the Box Plot, Three Sigma Rule and Local Outlier Factor (LOF) which worked best for ICS datasets.

Keywords

anomaly detection, communication patterns, industrial networks, IEC 104, monitoring

Authors

BURGETOVÁ, I.; MATOUŠEK, P.; MUTUA, N.

Published

30. 6. 2021

Publisher

Faculty of Information Technology BUT

Place

IT-TR-2021-01, Brno

Number of pages

59

URL

BibTex

@techreport{BUT171490,
  author="Ivana {Burgetová} and Petr {Matoušek} and Nelson Makau {Mutua}",
  title="Statistical Methods for Anomaly Detection in Industrial Communication",
  year="2021",
  publisher="Faculty of Information Technology BUT",
  address="IT-TR-2021-01, Brno",
  pages="59",
  url="https://www.fit.vut.cz/research/publication/12502/"
}