Detail publikačního výsledku

Incident Detection System for Industrial Networks

KUCHAŘ, K.; HOLASOVÁ, E.; FUJDIAK, R.; BLAŽEK, P.; MIŠUREC, J.

Originální název

Incident Detection System for Industrial Networks

Anglický název

Incident Detection System for Industrial Networks

Druh

Kapitola, resp. kapitoly v odborné knize

Originální abstrakt

Modbus/TCP is one of the most used industrial protocol, but this protocol is unsecured and does not implement encryption of communication or authentication of the clients. Therefore, this paper is focused on the techniques of incident detection in Modbus/TCP communication, but it is possible to implement the proposed solution on different protocols. For this purpose, a Modbus Security Module was created. This module can sniff specific network traffic, parse particular information from the communication packets, and store this data into the database. The databases use PostgreSQL and are placed on each master and slave stations. The data stored in each database is used for incident detection. This method represents a new way of detecting incidents and cyber-attacks in the network. Using a neural network (with an accuracy of 99.52 %), machine learning (with an accuracy of 100 %), and database comparison, it is possible to detect all attacks targeting the slave station and detect simulated attacks originating from master or non-master station. For additional database security of each station, an SSH connection between the databases is used. For the evaluation of the proposed method, the IEEE dataset was used. This paper also presents a comparison of machine learning classifiers, where each classifier has adjusted parameters. A mutual comparison of machine learning classifiers (with or without memory parameter) was done.

Anglický abstrakt

Modbus/TCP is one of the most used industrial protocol, but this protocol is unsecured and does not implement encryption of communication or authentication of the clients. Therefore, this paper is focused on the techniques of incident detection in Modbus/TCP communication, but it is possible to implement the proposed solution on different protocols. For this purpose, a Modbus Security Module was created. This module can sniff specific network traffic, parse particular information from the communication packets, and store this data into the database. The databases use PostgreSQL and are placed on each master and slave stations. The data stored in each database is used for incident detection. This method represents a new way of detecting incidents and cyber-attacks in the network. Using a neural network (with an accuracy of 99.52 %), machine learning (with an accuracy of 100 %), and database comparison, it is possible to detect all attacks targeting the slave station and detect simulated attacks originating from master or non-master station. For additional database security of each station, an SSH connection between the databases is used. For the evaluation of the proposed method, the IEEE dataset was used. This paper also presents a comparison of machine learning classifiers, where each classifier has adjusted parameters. A mutual comparison of machine learning classifiers (with or without memory parameter) was done.

Klíčová slova

-

Klíčová slova v angličtině

-

Autoři

KUCHAŘ, K.; HOLASOVÁ, E.; FUJDIAK, R.; BLAŽEK, P.; MIŠUREC, J.

Rok RIV

2023

Vydáno

09.09.2022

Nakladatel

Springer

ISBN

978-3-031-04424-3

Kniha

Big Data Privacy and Security in Smart Cities

Strany od

83

Strany do

102

Strany počet

20

URL

https://link.springer.com/chapter/10.1007/978-3-031-04424-3_5

BibTex

@inbook{BUT175455,
  author="Karel {Kuchař} and Eva {Holasová} and Radek {Fujdiak} and Petr {Blažek} and Jiří {Mišurec}",
  title="Incident Detection System for Industrial Networks",
  booktitle="Big Data Privacy and Security in Smart Cities",
  year="2022",
  publisher="Springer",
  edition="1",
  pages="83--102",
  doi="10.1007/978-3-031-04424-3\{_}5",
  isbn="978-3-031-04424-3",
  url="https://link.springer.com/chapter/10.1007/978-3-031-04424-3_5"
}