Abstract
Profiling communication patterns between devices in Industrial Internet of Things (IIoT) ecosystems is important for deploying security measures like detecting anomalies and potential cyber-attacks. In this chapter, we perform deep-packet inspection of various industrial protocols to generate models of communications between pairs of IIoT devices; in particular, we use discrete-time Markov chain models applied to four different industrial networks: (1) an electrical substation, (2) a small-scale water testbed, (3) a large-scale water treatment facility, and (4) an energy management system of a university campus. These datasets represent a variety of modern industrial protocols communicating over IP-compatible networks, including EtherNet/IP (Ethernet/Industrial Protocol), DNP3 (Distributed Network Protocol), and Modbus/TCP (Transmission Control Protocol).
Acknowledgements
This work was supported by a grant from the United States-Israel Binational Science Foundation (BSF), Jerusalem, Israel and the United States National Science Foundation (NSF) CNS-#1718848. This material was also supported by a grant from the Interdisciplinary Cyber-Research Center at TAU.
Copyright information
© 2019 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Faisal, M.A., Cardenas, A.A., Wool, A. (2019). Profiling Communications in Industrial IP Networks: Model Complexity and Anomaly Detection. In: Alcaraz, C. (eds) Security and Privacy Trends in the Industrial Internet of Things. Advanced Sciences and Technologies for Security Applications. Springer, Cham. https://doi.org/10.1007/978-3-030-12330-7_7
DOI: https://doi.org/10.1007/978-3-030-12330-7_7
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-12329-1
Online ISBN: 978-3-030-12330-7
eBook Packages: Computer Science, Computer Science (R0)