poster an empirical comparative measurement on real ics
play

(POSTER) An Empirical Comparative Measurement on Real ICS Network - PowerPoint PPT Presentation

Jul 13, 2023 •410 likes •507 views

(POSTER) An Empirical Comparative Measurement on Real ICS Network Tra ffi c to Internet Tra ffi c Chanwoo Bae, Won-Seok Hwang National Security Research Institute (NSRI) Motivation Cyber-Physical Systems = Industrial Control Systems

  1. 
 (POSTER) An Empirical Comparative Measurement on Real ICS Network Tra ffi c to Internet Tra ffi c Chanwoo Bae, Won-Seok Hwang National Security Research Institute (NSRI)

  2. Motivation • Cyber-Physical Systems = Industrial Control Systems (ICS) 
 + Software & Network Systems • ICS : machines, physical operations are driving (not human) • Network tra ffi c, any characteristic? • We may guess but no proper measurement! Let’s measure!

  3. Data Collection • Domain-scale networks 
 - Campus vs ICS 
 - Not Global-scale such as BGP • ICS Network Tra ffi c 
 - Two Water Treatment Facilities (let’s say ICS-I, ICS-II ) 
 - real-world sites in South Korea • Public Internet Tra ffi c (Campus Networks) 
 - Auckland Univ. (wand.net.nz, lets say INT-A ) 
 - Wisconsin (pages.cs.wisc.edu/~tbenson/, lets say INT-U )

  4. Traffic Utilization • ICS tra ffi c 
 - Carrying control messages + oracle DB 
 - machines generate tra ffi c • Internet tra ffi c 
 - HTTP + HTTPS + DNS are most * Modbus, LS-IS : Control Protocols for PLC

  5. Network Graph Analysis • Build Graph From the network tra ffi c 
 - aka., Tra ffi c Dispersion Graph [1] 
 - Nodes = distinct IPs 
 - Edges = at least one packet ICS-I ICS-II INT-A INT-U [1] M. Iliofotou et al, Network Monitoring using Tra ffi c Dispersion Graphs (TDG), Sigcomm 07

  6. Network Graph Analysis • Community size distribution 
 - Using community discovery algorithm 
 - Good to know group activity pattern • Results 
 - ICS tra ffi c : relatively small size of group (20~40) 
 - Internet tra ffi c : massive size of group (~100)

  7. Network Graph Analysis • Joint Degree Distributions 
 - Brightness in (x,y) : how many edges connecting 
 degree x node and degree y node • ICS Tra ffi c 
 - clustered by evenly 
 distributed communities 
 - p2p networks in 
 each community • Internet Tra ffi c 
 - right upper, left bottom areas 
 - few selected nodes dominate 
 most edges (famous sites)

  8. Time-Series Analysis • Time-Series Analysis 
 - How Dynamic? 0-N Edges, Jaccard Index [2] 
 - How Periodic? Autocorrelation Method 
 - Detail score : refer the paper • Results 
 - ICS tra ffi c is less dynamic than Internet tra ffi c 
 (maybe repeatedly operate same logic) 
 - All flows are not periodic in ICS tra ffi c, 
 but flows of industrial protocols are relatively periodic [2] M. Iliofotou et al, Exploiting dynamicity in graph-based tra ffi c analysis, CoNEXT 09

  9. Thanks • Source code for this paper is available at cwb.kr:8080 • We are happy to open anomaly dataset from an ICS 
 - Search “HAI Dataset” on Google • You can freely send me any questions to me !! 
 - cwbae@nsr.re.kr

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Poster Session-1 February 27 th , 2017, 13.00 -15.00 h Track D1: Biodiesel and Bio-Ethanol Paper

Poster Session-1 February 27 th , 2017, 13.00 -15.00 h Track D1: Biodiesel and Bio-Ethanol Paper

Poster Session-1 February 27 th , 2017, 13.00 -15.00 h Track D1: Biodiesel and Bio-Ethanol Paper Poster Authors Poster Title ID. Number Prajeesh K.V., Meena Sankar, Comparative Evaluation of Beta- 11 D101 Rajasree Kuniparambil, Amith

236 views • 12 slides
Poster A1 Poster A2 Poster A3 Poster A4 Poster A5 Poster A6 Investigation of a passive

Poster A1 Poster A2 Poster A3 Poster A4 Poster A5 Poster A6 Investigation of a passive

Poster A1 Poster A2 Poster A3 Poster A4 Poster A5 Poster A6 Investigation of a passive inter-limb device on step-to- step transition of human walking J Zhang: Queens University, Canada Q Li: Queens University, Canada A passive

734 views • 28 slides
POSTER PRESENTATION & POSTER DESIGN GUIDELINES PRESENTING YOUR POSTER The poster sessions

POSTER PRESENTATION & POSTER DESIGN GUIDELINES PRESENTING YOUR POSTER The poster sessions

POSTER PRESENTATION & POSTER DESIGN GUIDELINES PRESENTING YOUR POSTER The poster sessions are scheduled for presentation in the main exhibitors area where lunch and morning and afternoon breaks are held. The poster boards will be position

347 views • 3 slides
NDN, CoAP, and MQTT: A Comparative Measurement Study in the IoT ACM ICN 2018, Boston Cenk

NDN, CoAP, and MQTT: A Comparative Measurement Study in the IoT ACM ICN 2018, Boston Cenk

NDN, CoAP, and MQTT: A Comparative Measurement Study in the IoT ACM ICN 2018, Boston Cenk Gndoan 1 Peter Kietzmann 1 Martine Lenders 2 Hauke Petersen 2 Thomas C. Schmidt 1 Matthias Whlisch 2 1 HAW Hamburg 2 Freie Universitt Berlin CoAP

1.12k views • 56 slides
1 Sample Poster Arrangements The following three images are sample layouts for a poster

1 Sample Poster Arrangements The following three images are sample layouts for a poster

GUIDELINES FOR POSTER PRESENTATION Usually 10 posters will be presented in a session of about 1 hour. Poster presenter will interact with the audience personally, on a one to one basis. As you plan for your poster, please keep in mind the

581 views • 3 slides
If you have more than 1 poster in two different divisions, your poster assignments WILL NOT

If you have more than 1 poster in two different divisions, your poster assignments WILL NOT

ASEE 2020 Poster Presentation Guidelines The information below pertains to the 2020 Best Paper Nominees, the NSF Grantees, and the Division Poster Sessions. Poster Hanging/Removal Times To ensure that all posters are hung in time for the opening

356 views • 3 slides
Does Comparative Advantage Induce Unilateral Liberalization? The Case of Services Erik van der

Does Comparative Advantage Induce Unilateral Liberalization? The Case of Services Erik van der

Does Comparative Advantage Induce Unilateral Liberalization? The Case of Services Erik van der Marel ECIPE January 31, 2014 Abstract This paper addresses the empirical question whether having comparative advantage leads countries to

418 views • 25 slides
Poster Presentations Poster No. 01-40: Poster session-1 (Monday, 09 October, 2017) Poster No.

Poster Presentations Poster No. 01-40: Poster session-1 (Monday, 09 October, 2017) Poster No.

IBAC 2017 Haridwar, India Poster Presentations Poster No. 01-40: Poster session-1 (Monday, 09 October, 2017) Poster No. 41-80: Poster session-2 (Tuesday, 10 October, 2017) P. Title of abstract Presenter Affiliation No Effect of traffic

643 views • 6 slides
Empirical Requirements of Resilience Measurement Focus on Shocks and Stressors Mark A. Constas

Empirical Requirements of Resilience Measurement Focus on Shocks and Stressors Mark A. Constas

Empirical Requirements of Resilience Measurement Focus on Shocks and Stressors Mark A. Constas Applied Economics and Policy Cornell University Presented at the USAID Evidence Forum on Resilience October 2, 2017 Washington D.C. Background

178 views • 14 slides
Poster Presentation Guidelines Version 1 .0 - 28 October 20 13 POSTER SUBMI SSI ON Poster

Poster Presentation Guidelines Version 1 .0 - 28 October 20 13 POSTER SUBMI SSI ON Poster

Poster Presentation Guidelines Version 1 .0 - 28 October 20 13 POSTER SUBMI SSI ON Poster submissions are accepted until Monday 10 February 2014 An electronic version of your poster must be forwarded to Anthony Kachenko, Nursery & Garden

601 views • 3 slides
Real-Time Performance of Linux Among others: A Measurement-Based Analysis of the Real-Time

Real-Time Performance of Linux Among others: A Measurement-Based Analysis of the Real-Time

CPSC-663: Real-Time Systems Linux, Preemption, and Real-Time Real-Time Performance of Linux Among others: A Measurement-Based Analysis of the Real-Time Performance of Linux (L. Abeni , A. Goel, C. Krasic, J. Snow, J. Walpole) [RTAS

472 views • 9 slides
Performance Optimization: Performance Optimizatio n: Simulation and Real Measurement Simulation

Performance Optimization: Performance Optimizatio n: Simulation and Real Measurement Simulation

Performance Optimization: Performance Optimizatio n: Simulation and Real Measurement Simulation and Real Measurement Josef Weidendorfer KDE Developer Conference 2004 Ludwigsburg, Germany Agenda Agenda Introduction Performance

492 views • 30 slides
graphics. Please use a consistent style and sequence (left to right or top to bottom) to guide the

graphics. Please use a consistent style and sequence (left to right or top to bottom) to guide the

Poster Presentation Guidelines To be considered for the poster presentation, the authors must submit poster title, abstract and the PDF version of the poster at the initial submission (May 2020). 1 Poster Title A title that is reflective of the

644 views • 3 slides
Poster Presentation Information for CRYO2016 Poster Boards This year poster boards are being

Poster Presentation Information for CRYO2016 Poster Boards This year poster boards are being

Poster Presentation Information for CRYO2016 Poster Boards This year poster boards are being supplied by Freeman of Ottawa, Canada. Each poster board is double-sided and has a surface area measuring of 8 (243.8 cm) wide by 4 (121.9 cm)

464 views • 4 slides
Advancing pricing capabilities with new data Tom Gregorson Big Data Empirical measurement of

Advancing pricing capabilities with new data Tom Gregorson Big Data Empirical measurement of

Advancing pricing capabilities with new data Tom Gregorson Big Data Empirical measurement of Bayesian Statistics disutility costs observe customer choices Machine Learning 4 Calculate customer disutility Disutility cost perceived

259 views • 11 slides
Big Data and the Measurement of Prices and Real Economic Activity: A Better, Faster, Cheaper

Big Data and the Measurement of Prices and Real Economic Activity: A Better, Faster, Cheaper

Big Data and the Measurement of Prices and Real Economic Activity: A Better, Faster, Cheaper Approach Stephen J. Redding David E. Weinstein Princeton and NBER Columbia and NBER June, 2016 1 / 11 Bar Codes and Measurement: New Approaches

293 views • 11 slides
Impact of Traffic Lights on Trajectory Forecasting of Human-driven Vehicles Near Signalized

Impact of Traffic Lights on Trajectory Forecasting of Human-driven Vehicles Near Signalized

12th Workshop on Planning, Perception, Navigation for Intelligent Vehicle @ IROS2020 Impact of Traffic Lights on Trajectory Forecasting of Human-driven Vehicles Near Signalized Intersections Geunseob (GS) Oh , Huei Peng University of Michigan

372 views • 21 slides
2018 T r affic Signal Be nc hmar king Se lf Asse ssme nt We b Brie fing April 4, 2018 1 Pr

2018 T r affic Signal Be nc hmar king Se lf Asse ssme nt We b Brie fing April 4, 2018 1 Pr

2018 T r affic Signal Be nc hmar king Se lf Asse ssme nt We b Brie fing April 4, 2018 1 Pr e se ntation Outline Why Are We Asse ssing T ra ffic Sig na l Pro g ra ms So me Histo ry Assumptio ns Unde rlying Co nc e

413 views • 27 slides
Ask the Expert Brexit and the future of UK Trade Speaker: Dr Angus Armstrong , National

Ask the Expert Brexit and the future of UK Trade Speaker: Dr Angus Armstrong , National

Ask the Expert Brexit and the future of UK Trade Speaker: Dr Angus Armstrong , National Institute of Economic and Social Research Chair: Nigel Keohane , Social Market Foundation Wi-Fi Network: SMF @esrc @SMFthinktank #SMFask Password:

541 views • 17 slides
SESSION 2: Business Structures Liability limited by a scheme approved under Professional

SESSION 2: Business Structures Liability limited by a scheme approved under Professional

SESSION 2: Business Structures Liability limited by a scheme approved under Professional Standards Legislation Introducing: MHP Jean-Pierre Lesley Liability limited by a scheme approved under Professional Standards

565 views • 43 slides
CS 451 Software Engineering Yuanfang Cai Room 104, University Crossings 215.895.0298

CS 451 Software Engineering Yuanfang Cai Room 104, University Crossings 215.895.0298

CS 451 Software Engineering Yuanfang Cai Room 104, University Crossings 215.895.0298 yfcai@cs.drexel.edu 1 Drexel University Design Engineering A systematical way to translate SRS into design Start with use cases from SRS

480 views • 31 slides
Protocol Interconnection in Urban Traffic Coordination use case (demo) Georgios Bouloukakis

Protocol Interconnection in Urban Traffic Coordination use case (demo) Georgios Bouloukakis

Protocol Interconnection in Urban Traffic Coordination use case (demo) Georgios Bouloukakis Inria 1 st Review Meeting Brussels, February 11, 2016 Route planning: Choreography diagram Specification Specification sub-choreography diagram

315 views • 10 slides
1 Bayes Nets: Assumptions Independence in a BN Assumptions we are required to make to define

1 Bayes Nets: Assumptions Independence in a BN Assumptions we are required to make to define

1 2 Recap: Bayes Nets CS 473: Artificial Intelligence Bayes Nets: Independence A Bayes net is an efficient encoding of a probabilistic model of a domain Questions we can ask: Inference: given a fixed BN, what is P(X | e)?

197 views • 5 slides
Comparing Different Functional Allocations in Automated Air Traffic Control Design FMCAD 2015,

Comparing Different Functional Allocations in Automated Air Traffic Control Design FMCAD 2015,

Comparing Different Functional Allocations in Automated Air Traffic Control Design FMCAD 2015, September 27-30 Cristian Mattarei 1 , Alessandro Cimatti 1 , Marco Gario 1 , Stefano Tonetta 1 , and Kristin Y. Rozier 2 1 Fondazione Bruno Kessler,

651 views • 36 slides

More recommend