Publication Details

Behavioral Anomaly Detection in Industrial Control Systems: An Evaluation of Flowmon ADS

YOUSSEF Sawsan and RYŠAVÝ Ondřej. Behavioral Anomaly Detection in Industrial Control Systems: An Evaluation of Flowmon ADS. FIT-TR-2020-02, Brno: Faculty of Information Technology BUT, 2020.
Czech title
Detekce anomálií v průmyslových kontrolních systémech: Vyhodnocení ADS Flowmon
Type
technical report
Language
English
Authors
Keywords

Industrial Control Systems, Anomaly Detection, Cybersecurity, Network Monitoring

Abstract

This report presents results from experiments aimed at evaluating the threat detection capabilities of the Flowmon Anomaly Detection System in the environment of Industrial Control Systems (ICS). The experiments follow a procedure described in the NISTIR 8219 report, which identifies a critical set of security threats to ICS and illustrates how behavior anomaly detection systems can be used as a key security component for industrial systems. We have shown that many of the identified security threats can be detected with the Flowmon ADS even without considering any specific ICS rules. The report systematically evaluates the scenarios considering network-based anomaly detection methods. We set up a virtual environment that contains ICS and Flowmon software. In this environment, we were able to demonstrate all scenarios and check Flowmon responses to the induced security threats.

Published
2020
Pages
20
Publisher
Faculty of Information Technology BUT
Place
FIT-TR-2020-02, Brno, CZ
BibTeX
@TECHREPORT{FITPUB12253,
   author = "Sawsan Youssef and Ond\v{r}ej Ry\v{s}av\'{y}",
   title = "Behavioral Anomaly Detection in Industrial Control Systems: An Evaluation of Flowmon ADS",
   pages = 20,
   year = 2020,
   location = "FIT-TR-2020-02, Brno, CZ",
   publisher = "Faculty of Information Technology BUT",
   language = "english",
   url = "https://www.fit.vut.cz/research/publication/12253"
}