Publication Details

Application of Approximate Matching on Industrial Control System (ICS) Network Communication Using Ssdeep Algorithm

MUTUA Nelson Makau. Application of Approximate Matching on Industrial Control System (ICS) Network Communication Using Ssdeep Algorithm. Brno, 2020.
Type
technical report
Language
English
Authors
Mutua Nelson Makau, M.Sc. (FIT BUT)
Keywords

IEC 104, Industrial Control System, Ssdeep, Anomaly Detection, Network Traffic

Abstract

Network communication is associated with many security challenges. Changes in Internet technologies have allowed for an increase in networked devices, the complexity of cybercrimes and the transfer of huge amounts of data, which can easily be intercepted and manipulated by attackers. The goal of this research is to prove the viability of using approximate pattern matching for profiling Industrial Control System (ICS) communication. Approximate pattern matching has been used successfully in the past to compare the similarity of files. Tshark is a network protocol analyser that will be used to extract interesting fields of the IEC 60870-5 protocol (aka IEC 104) from the ICS communication packet capture files.
IEC 104 is a protocol that provides a communication profile for sending basic telecontrol messages between two systems in electrical engineering and power system automation. This protocol enables communication between a control station and a substation via a standard TCP/IP network. The communication is based on the client-server model. A normal ICS profile is computed from the packet capture files to represent normal ICS traffic. In the anomaly detection phase, unknown ICS network traffic is compared to the normal profile using an approximate pattern matching algorithm. In this research, the Ssdeep pattern matching algorithm will be used to compute the matching score between profiles to identify anomalies.

Published
2020
Pages
31
Place
Brno, CZ
BibTeX
@TECHREPORT{FITPUB12331,
   author = "Makau Nelson Mutua",
   title = "Application of Approximate Matching on Industrial Control System (ICS) Network Communication Using Ssdeep Algorithm",
   pages = 31,
   year = 2020,
   location = "Brno, CZ",
   language = "english",
   url = "https://www.fit.vut.cz/research/publication/12331"
}