Publication detail

Application of Approximate Matching on Industrial Control System (ICS) Network Communication Using Ssdeep Algorithm

MUTUA, N.

Original title

Application of Approximate Matching on Industrial Control System (ICS) Network Communication Using Ssdeep Algorithm

English title

Application of Approximate Matching on Industrial Control System (ICS) Network Communication Using Ssdeep Algorithm

Language

en

Original abstract

Network communication is associated with many security challenges. Changes in Internet technologies have allowed for an increase in networked devices, the complexity of cybercrimes and the transfer of huge amounts of data, which can easily be intercepted and manipulated by attackers. The goal of this research is to prove the viability of using approximate pattern matching for profiling Industrial Control System (ICS) communication. Approximate pattern matching has been successfully used for comparing the similarity of files in the past. Tshark is a network protocol analyser that will be used to extract interesting fields of the IEC 60870-5 protocol (aka IEC 104) from the ICS communication packet capture files. IEC 104 is a protocol that provides a communication profile for sending basic telecontrol messages between two systems in electrical engineering and power system automation. This protocol enables communication between a control station and a substation via a standard TCP/IP network. The communication is based on the client-server model. An ICS normal profile is computed from the packet capture files to represent normal ICS traffic. In the anomaly detection phase, unknown ICS network traffic is compared to the normal profile using an approximate pattern matching algorithm. In this research, the Ssdeep pattern matching algorithm will be used to compute the matching score between profiles to identify anomalies.

Documents

BibTeX

@techreport{BUT168671,
  author="Nelson {Mutua}",
  title="Application of Approximate Matching on Industrial Control System (ICS) Network Communication Using Ssdeep Algorithm",
  annote="Network communication is associated with many security challenges. Changes in
Internet technologies have allowed for an increase in networked devices, the
complexity of cybercrimes and the transfer of huge amounts of data, which can
easily be intercepted and manipulated by attackers. The goal of this research is
to prove the viability of using approximate pattern matching to profiling
Industrial Control System (ICS) communication. The approximate pattern matching
has been successfully used on comparing similarity of files in the past. Tshark
is a network protocol analyser that will be used to extract interesting fields of
an IEC 60870-5 protocol (aka IEC 104) from the ICS communication packet capture
files.
IEC 104 is a protocol that provides a communication profile for sending basic
telecontrol messages between two systems in electrical engineering and power
system automation. This protocol enables communication between control station
and a substation via a standard TCP/IP network. The communication is based on the
client-server model. An ICS normal profile is computed from the packet capture
files to represent a normal ICS traffic. In the anomaly detection phase, unknown
ICS network traffic is compared to the normal profile using approximate pattern
matching algorithm. In this research, Ssdeep pattern matching algorithm will be
used to compute the matching score between profiles to identify anomalies.",
  address="NEUVEDEN",
  chapter="168671",
  edition="NEUVEDEN",
  howpublished="print",
  institution="NEUVEDEN",
  year="2020",
  month="august",
  pages="0--0",
  publisher="NEUVEDEN",
  type="report"
}