Publication Details

Statistical Methods for Anomaly Detection in Industrial Communication

BURGETOVÁ, I.; MATOUŠEK, P.; MUTUA, N. Statistical Methods for Anomaly Detection in Industrial Communication. IT-TR-2021-01, Brno: Faculty of Information Technology BUT, 2021. p. 0-0.
Czech title
Statistické metody pro detekci anomálií v průmyslové komunikaci
Type
report
Language
English
Authors
Burgetová Ivana, Ing., Ph.D. (DIFS)
Matoušek Petr, doc. Ing., Ph.D., M.A. (DIFS)
Mutua Nelson Makau, M.Sc. (DIFS)
Keywords

anomaly detection, communication patterns, industrial networks, IEC 104, monitoring

Abstract

This report focuses on application of selected statistical methods to anomaly detection of ICS protocols deployed in smart grids, namely IEC 104, GOOSE and MMS. Industrial network stations are typically pre-configured hardware devices that operate in master-slave mode and exhibits stable and periodic communication patterns over a long time. Due to the stability of ICS communication, statistical models present a natural way for detection of common ICS anomalies. For probabilistic modeling of network behavior we employ the following statistical features: distribution of packet inter-arrival times, packet size, and packet direction. This report presents the results of our experiments with three statistical methods: the Box Plot, Three Sigma Rule and Local Outlier Factor (LOF) which worked best for ICS  datasets.

Published
2021
Pages
59
Publisher
Faculty of Information Technology BUT
Place
IT-TR-2021-01, Brno
BibTeX 
@techreport{BUT171490,
  author="Ivana {Burgetová} and Petr {Matoušek} and Nelson Makau {Mutua}",
  title="Statistical Methods for Anomaly Detection in Industrial Communication",
  year="2021",
  publisher="Faculty of Information Technology BUT",
  address="IT-TR-2021-01, Brno",
  pages="59",
  url="https://www.fit.vut.cz/research/publication/12502/"
}
Back to top