Publication Details
Behavioral Anomaly Detection in Industrial Control Systems: An Evaluation of Flowmon ADS
Ryšavý Ondřej, doc. Ing., Ph.D. (DIFS)
Industrial Control Systems, Anomaly Detection, Cybersecurity, Network Monitoring
This report presents results from experiments that evaluate the threat
detection capabilities of the Flowmon Anomaly Detection System in an
Industrial Control Systems (ICS) environment. The experiments follow a procedure described in
the NISTIR 8219 report, which identifies a critical set of security threats to
ICS and illustrates how behavior anomaly detection systems can be used as a key
security component for industrial systems. We have shown that many of the
identified security threats can be detected with the Flowmon ADS even without
considering any ICS-specific rules. The report systematically evaluates the
scenarios considering network-based anomaly detection methods. We set up
a virtual environment that contains ICS and Flowmon software. In this
environment, we were able to demonstrate all scenarios and check Flowmon
responses to the induced security threats.
@techreport{BUT163656,
author="Sawsan {Youssef} and Ondřej {Ryšavý}",
title="Behavioral Anomaly Detection in Industrial Control Systems: An Evaluation of Flowmon ADS",
year="2020",
publisher="Faculty of Information Technology BUT",
address="FIT-TR-2020-02, Brno",
pages="20",
url="https://www.fit.vut.cz/research/publication/12253/"
}