Abstract
Profiling communication patterns between devices in the Industrial Internet of Things (IIoT) ecosystems is important for deploying security measures like detecting anomalies and potential cyber-attacks. In this chapter we perform deep-packet inspection of various industrial protocols to generate models of communications between pairs of IIoT devices; in particular, we use discrete-time Markov chain models applied to four different industrial networks: (1) an electrical substation, (2) a small-scale water testbed, (3) a large-scale water treatment facility, and (4) an energy management system of a university campus. These datasets represent a variety of modern industrial protocols communicating over IP-compatible networks, including EtherNet/IP (Ethernet/Industrial Protocol), DNP3 (Distributed Network Protocol), and Modbus/TCP (Transmission Control Protocol).
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Astarloa A, Bidarte U, Jiménez J, Zuloaga A, Lázaro J (2016) Intelligent gateway for industry 4.0-compliant production. In: IECON 2016-42nd Annual Conference of the IEEE Industrial Electronics Society. IEEE, pp 4902–4907
Caselli M, Zambon E, Kargl F (2015) Sequence-aware intrusion detection in industrial control systems. In: Proceedings of the 1st ACM Workshop on Cyber-Physical System Security, pp 13–24
Fu Y, Yan Z, Cao J, Koné O, Cao X (2017) An automata based intrusion detection method for Internet of Things. Mob Inf Syst 2017:1–13
Goldenberg N, Wool A (2013) Accurate modeling of Modbus/TCP for intrusion detection in scada systems. Int J Crit Infrastruct Prot 6:63–75
IEEE: 1815–2012 – IEEE standard for electric power systems communications-distributed network protocol (DNP3) (2012). http://ieeexplore.ieee.org/document/6327578/. Online accessed 06 Mar 2017
Kleinman A, Wool A (2014) Accurate modeling of the Siemens S7 scada protocol for intrusion detection and digital forensics. J Digit Forensic Secur Law JDFSL 9(2):37
Kleinmann A, Wool A (2015) A statechart-based anomaly detection model for multi-threaded scada systems. In: International Conference on Critical Information Infrastructures Security, pp 132–144
Kleinmann A, Wool A (2016) Automatic construction of statechart-based anomaly detection models for multi-threaded scada via spectral analysis. In: Proceedings of the 2nd ACM Workshop on Cyber-Physical Systems Security and Privacy, pp 1–12
Modbus Organization (2012) Modbus application protocol specification V1.1b3. Online; Accessed 05 July 2016
Modbus Organization (2012) Modbus messaging on TCP/IP implementation guide V1.0b. Online; Accessed 05 July 2016
Open DeviceNet Vendor Association (2007) The CIP networks library volume 2: EtherNet/IP adaptation of CIP. http://www.tud.ttu.ee/im/Kristjan.Sillmann/ISP0051%20Rakenduslik%20Andmeside/CIP%20docs/CIP%20Vol2_1.4.pdf
Rubio JE, Alcaraz C, Roman R, Lopez J (2017) Analysis of intrusion detection systems in industrial ecosystems. In: 14th International Conference on Security and Cryptography (SECRYPT 2017)
Sadeghi AR, Wachsmann C, Waidner M (2015) Security and privacy challenges in industrial Internet of Things. In: 2015 52nd ACM/EDAC/IEEE Design Automation Conference (DAC). IEEE, pp 1–6
Tribus M (1961) Thermostatics and thermodynamics: an introduction to energy, information and states of matter, with engineering applications. van Nostrand, London
Zarpelão BB, Miani RS, Kawakani CT, de Alvarenga SC (2017) A survey of intrusion detection in Internet of Things. J Netw Comput Appl 84:25–37
Acknowledgements
This work was supported by a grant from the United States-Israel Binational Science Foundation (BSF), Jerusalem, Israel and the United States National Science Foundation (NSF) CNS-#1718848. This material was also supported by a grant from the Interdisciplinary Cyber-Research Center at TAU.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Faisal, M.A., Cardenas, A.A., Wool, A. (2019). Profiling Communications in Industrial IP Networks: Model Complexity and Anomaly Detection. In: Alcaraz, C. (eds) Security and Privacy Trends in the Industrial Internet of Things. Advanced Sciences and Technologies for Security Applications. Springer, Cham. https://doi.org/10.1007/978-3-030-12330-7_7
Download citation
DOI: https://doi.org/10.1007/978-3-030-12330-7_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-12329-1
Online ISBN: 978-3-030-12330-7
eBook Packages: Computer ScienceComputer Science (R0)