Abstract
Large industrial networks (e.g., plants and grids) are usually characterized by numerous sectors of responsibility and multiple suppliers. Managing these networks is a challenge and requires concrete knowledge of the current network state in terms of device influence and network activities. Here, automated topology exploration is a valuable and very performant measure for providing a wide range of information about devices and their communication relations. Existing exploration methods mostly use active, intrusive techniques that cannot be applied in sensitive or critical industrial networks. In this paper we present a completely passive approach. It is supplier-independent and provides information that has not previously been explored using passive methods.
Notes
1. OUI lookup is used to integrate the manufacturer, or the name of well-known broadcast and multicast addresses, into the MAC address label.
2. Because of space limitations, the edges of the graph are not labeled with the full protocol message names. All outgoing arcs of the device IP_04 represent ARP request frames, while incoming arcs belong to the respective responses.
3. Due to space limitations, these devices are chosen to represent the communication patterns of the decentralized periphery. The remaining devices MAC_05-MAC_17, however, exhibit similar relations to device MAC_20.
Acknowledgements
The authors gratefully acknowledge funding from the German Federal Ministry of Education and Research (BMBF) via the projects INDI (funding code: 16KIS0156) and SICIA (16KIS0158K).
Copyright information
© 2017 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Paul, A., Schuster, F., König, H. (2017). Network Topology Exploration for Industrial Networks. In: Maglaras, L., Janicke, H., Jones, K. (eds) Industrial Networks and Intelligent Systems. INISCOM 2016. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 188. Springer, Cham. https://doi.org/10.1007/978-3-319-52569-3_6
DOI: https://doi.org/10.1007/978-3-319-52569-3_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-52568-6
Online ISBN: 978-3-319-52569-3
eBook Packages: Computer Science (R0)