Publication Details

Statistical Methods for Anomaly Detection in Industrial Communication

BURGETOVÁ, I.; MATOUŠEK, P.; MUTUA, N. Statistical Methods for Anomaly Detection in Industrial Communication. IT-TR-2021-01, Brno: Faculty of Information Technology BUT, 2021. p. 0-0.

Czech title

Statistické metody pro detekci anomálií v průmyslové komunikaci

Type

report

Language

English

Authors

Burgetová Ivana, Ing., Ph.D. (DIFS)
Matoušek Petr, doc. Ing., Ph.D., M.A. (DIFS)
Mutua Nelson Makau, M.Sc. (DIFS)

Keywords

anomaly detection, communication patterns, industrial networks, IEC 104,
monitoring

Abstract

This report focuses on application of selected statistical methods to anomaly
detection of ICS protocols deployed in smart grids, namely IEC 104, GOOSE and
MMS. Industrial network stations are typically pre-configured hardware devices
that operate in master-slave mode and exhibits stable and periodic communication
patterns over a long time. Due to the stability of ICS communication, statistical
models present a natural way for detection of common ICS anomalies.

For probabilistic modeling of network behavior we employ the following
statistical features: distribution of packet inter-arrival times, packet size,
and packet direction. This report presents the results of our experiments with
three statistical methods: the Box Plot, Three Sigma Rule and Local Outlier
Factor (LOF) which worked best for ICS datasets.

Published

2021

Pages

Publisher

Faculty of Information Technology BUT

Place

IT-TR-2021-01, Brno

BibTeX

@techreport{BUT171490,
  author="Ivana {Burgetová} and Petr {Matoušek} and Nelson Makau {Mutua}",
  title="Statistical Methods for Anomaly Detection in Industrial Communication",
  year="2021",
  publisher="Faculty of Information Technology BUT",
  address="IT-TR-2021-01, Brno",
  pages="59",
  url="https://www.fit.vut.cz/research/publication/12502/"
}

Files

pdf Technical_Report__Statistical_Methods_for_Anomaly_Detection.pdf 3 MB