role inference anomaly detection situational awareness in
play

Role Inference + Anomaly Detection = Situational Awareness in BACnet - PowerPoint PPT Presentation

Dec 16, 2023 •669 likes •837 views

Role Inference + Anomaly Detection = Situational Awareness in BACnet networks D. Fauri , M. Kapsalakis, D. R. dos Santos, E.Costante, J. den Hartog, S. Etalle Gothenburg, Sweden DIMVA 2019 - 16th Conference on Detection of Intrusions and

  1. Role Inference + Anomaly Detection = Situational Awareness in BACnet networks D. Fauri , M. Kapsalakis, D. R. dos Santos, E.Costante, J. den Hartog, S. Etalle Gothenburg, Sweden – DIMVA 2019 - 16th Conference on Detection of Intrusions and Malware & Vulnerability Assessment

  2. Building Automation Systems (BAS) • They manage HVAC, video surveillance, access control, lighting, elevators … • Usually across many buildings, many different networks (but interoperability exists, e.g. BACnet) • They can be managed remotely • They can be attacked remotely Icons made by Freepik from www.flaticon.com 2 Role Inference + Anomaly Detection = Situational Awareness in BACnet Networks - D.Fauri et al.

  3. Situational Awareness in BAS Cyber Situational Awareness is structured in three subsuming levels [1] : 1) Basic perception of important data: 1 Perceive e.g., presence of devices in a network, device configuration, device behavior, alerts raised by IDS, system specification 2 Comprehend 2) Interpretation and combination of data into knowledge: e.g., search a device’s FW version in a CVE database, recognize if a raised alert is a false alarm or not 3 Project 3) Ability to predict future events and their implications: e.g., assess the risk of a vulnerability, decide if an alert should be Resolve acted upon [1] M. Endsley, “Design and Evaluation for Situation Awareness Enhancement”, 1988 3 Role Inference + Anomaly Detection = Situational Awareness in BACnet Networks - D.Fauri et al.

  4. Anomaly Detection != Situational Awareness Learning-based anomaly detection deals better with BAS heterogeneity, but: • Alerts are not actionable per se : we need meaningful context information • Learned models are specific to each device : there is no grouping into semantically equivalent classes 4 Role Inference + Anomaly Detection = Situational Awareness in BACnet Networks - D.Fauri et al.

  5. Role Inference We propose to infer high-level attributes from observed data. Ex. the role of a device represents its functional behavior in the network Understandability is improved: The role provides meaningful context information to interpret a device’s [anomalous] behavior Adaptability is improved: When a new device appears on the network, we can apply rules and models based on the device’s role 5 Role Inference + Anomaly Detection = Situational Awareness in BACnet Networks - D.Fauri et al.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Situational Awareness Leveraging Versant JPA for Big Data Situation Awareness Applications

Situational Awareness Leveraging Versant JPA for Big Data Situation Awareness Applications

Situational Awareness Leveraging Versant JPA for Big Data Situation Awareness Applications Matthew Barker, Director Prof. Services Versant Corporation Situational Awareness Defined Agenda Short SA Video Big Data and Situational

545 views • 21 slides
Situational Awareness: Terrain Reasoning for Tactical Shooter A.I Situational Awareness The

Situational Awareness: Terrain Reasoning for Tactical Shooter A.I Situational Awareness The

Situational Awareness: Terrain Reasoning for Tactical Shooter A.I Situational Awareness The capability of an A.I. agent to reason is limited by the data its sensor's can acquire about the world The representation of the data we use to

537 views • 31 slides
Anomaly Detection of Trajectories Junier B. Oliva Anomaly Detection An anomaly (or outlier)

Anomaly Detection of Trajectories Junier B. Oliva Anomaly Detection An anomaly (or outlier)

Anomaly Detection of Trajectories Junier B. Oliva Anomaly Detection An anomaly (or outlier) in a dataset is an instance that is abnormal or unlikely based on the rest of the dataset If the instances in the dataset are labeled as

760 views • 19 slides
What is an anomaly? Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Defining

What is an anomaly? Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Defining

DataCamp Anomaly Detection in R ANOMALY DETECTION IN R What is an anomaly? Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Defining the term anomaly Anomaly: a data point or collection of data points that do not follow the

870 views • 21 slides
Anomaly Detection Jia-Bin Huang Virginia Tech Spring 2019 ECE-5424G / CS-5824 Administrative

Anomaly Detection Jia-Bin Huang Virginia Tech Spring 2019 ECE-5424G / CS-5824 Administrative

Anomaly Detection Jia-Bin Huang Virginia Tech Spring 2019 ECE-5424G / CS-5824 Administrative Anomaly Detection Motivation Developing an anomaly detection system Anomaly detection vs. supervised learning Choosing what features

514 views • 34 slides
Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier Detection Automatically identify data points that are somehow different from the rest Working assumption: There are considerably

984 views • 72 slides
Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier

Data Mining II Anomaly Detection Heiko Paulheim Anomaly Detection Also known as Outlier Detection Automatically identify data points that are somehow different from the rest Working assumption: There are considerably

905 views • 74 slides
Automated Reasoning for Situational Awareness Peter Baumgartner, Alexander Krumpholz Supply

Automated Reasoning for Situational Awareness Peter Baumgartner, Alexander Krumpholz Supply

Automated Reasoning for Situational Awareness Peter Baumgartner, Alexander Krumpholz Supply Chain Integrity Digital Mission www.data61.csiro.au Situational Awareness - Systems of Interest Factory Floor - Are the operations carried out

1.24k views • 87 slides
NVIDIA ECS March 19, 2015 1 How does 3D help humans? CFIT Loss of Situational Awareness

NVIDIA ECS March 19, 2015 1 How does 3D help humans? CFIT Loss of Situational Awareness

Better Decisions in Moments of Truth with DTI 3D NVIDIA ECS March 19, 2015 1 How does 3D help humans? CFIT Loss of Situational Awareness Situational Awareness Perceive Comprehend Project Decide Act {"45752bf": [3958177,

347 views • 16 slides
Learning Rules for Anomaly Detection (LERAD) of Hostile Network Traffic Matt Mahoney Overview

Learning Rules for Anomaly Detection (LERAD) of Hostile Network Traffic Matt Mahoney Overview

Learning Rules for Anomaly Detection (LERAD) of Hostile Network Traffic Matt Mahoney Overview Prior Work in Network Anomaly Detection The 1999 DARPA Intrusion Detection Evaluation Packet Header Anomaly Detection (PHAD) Application

575 views • 18 slides
Situational Awareness Jeff Hughes Bryan Ladds Dave Hamilton Special Guest A Complete and

Situational Awareness Jeff Hughes Bryan Ladds Dave Hamilton Special Guest A Complete and

Situational Awareness Jeff Hughes Bryan Ladds Dave Hamilton Special Guest A Complete and Integrated System Supporting Emergency Management Operations Maintain Conduct Manage Situational Damage Public Awareness Assessment Information

839 views • 41 slides
Visualization & Situational Awareness Demonstrations Project Presentation for EPIC Symposium

Visualization & Situational Awareness Demonstrations Project Presentation for EPIC Symposium

Visualization & Situational Awareness Demonstrations Project Presentation for EPIC Symposium December 1, 2016 Sacramento, CA Confidential Draft - For Internal Use Only 1 Visualization and Situational Awareness Demonstrations Aksel

289 views • 16 slides
<Title> Yiqun Hu, SP Group Agenda Condition monitoring & anomaly detection

<Title> Yiqun Hu, SP Group Agenda Condition monitoring & anomaly detection

Data Council Singapre 2019 Autoencoder Forest for Anomaly Detection from IoT Time Series <Title> Yiqun Hu, SP Group Agenda Condition monitoring & anomaly detection Autoencoder for anomaly detection Autoencoder

540 views • 27 slides
In Incorporating Feedback in into Tree-based Anomaly Detection Shubhomoy Das, Weng-Keen Wong,

In Incorporating Feedback in into Tree-based Anomaly Detection Shubhomoy Das, Weng-Keen Wong,

In Incorporating Feedback in into Tree-based Anomaly Detection Shubhomoy Das, Weng-Keen Wong, Alan Fern, Thomas G. Dietterich and Md Amran Siddiqui School of EECS Anomaly Detection Goal: Identify rare or strange objects 2 Anomaly

756 views • 51 slides
Dataflow Anomaly Detection Presented By Archana Viswanath Computer Science and Engineering The

Dataflow Anomaly Detection Presented By Archana Viswanath Computer Science and Engineering The

Dataflow Anomaly Detection Presented By Archana Viswanath Computer Science and Engineering The Pennsylvania State University Anomaly Intrusion Detection Systems Anomaly Intrusion Detection Systems Model normal behavior. Attack - Any

417 views • 20 slides
Can we leverage network monitoring to build comprehensive situational awareness of our

Can we leverage network monitoring to build comprehensive situational awareness of our

Can we leverage network monitoring to build comprehensive situational awareness of our operating environments in a way that scales well? How could such an awareness allow us to find anomalous and malicious behavior? God I hope so. If

215 views • 7 slides
Massless Scalar & Scalar Condensate from the Quantum Conformal Anomaly E. Mottola, Los Alamos

Massless Scalar & Scalar Condensate from the Quantum Conformal Anomaly E. Mottola, Los Alamos

Massless Scalar & Scalar Condensate from the Quantum Conformal Anomaly E. Mottola, Los Alamos w. D. Blaschke, R. Caballo-Rubio, JHEP 1412 (2014) 153 w. R. Vaulin, Phys. Rev. D 74, 064004 (2006) w. I. Antoniadis & P. O. Mazur, N. Jour.

520 views • 23 slides
A New SU(2) Anomaly Edward Witten PCTS, October 3, 2018 A familiar anomaly says that in four

A New SU(2) Anomaly Edward Witten PCTS, October 3, 2018 A familiar anomaly says that in four

A New SU(2) Anomaly Edward Witten PCTS, October 3, 2018 A familiar anomaly says that in four spacetime dimensions, an SU(2) gauge theory with a single multiplet of fermions that transform under SU(2) in the spin 1/2 representation is

820 views • 43 slides
Data Analysis, Machine Learning, Bro and You! Together again like never before... Presenter

Data Analysis, Machine Learning, Bro and You! Together again like never before... Presenter

Data Analysis, Machine Learning, Bro and You! Together again like never before... Presenter Brian Wylie Working at Kitware Inc. Background in Information Security and Vis Likes open source and mixed Corgis Whats the point of this talk?

705 views • 25 slides
Outside the Closed World: On Finding Intrusions with Anomaly Detection Robin Sommer

Outside the Closed World: On Finding Intrusions with Anomaly Detection Robin Sommer

Outside the Closed World: On Finding Intrusions with Anomaly Detection Robin Sommer International Computer Science Institute, & Lawrence Berkeley National Laboratory robin@icsi.berkeley.edu http://www.icir.org Advanced Topics in Computer

1.35k views • 99 slides
Z Explanations of Neutral Current B Anomalies by Ben Allanach (University of Cambridge)

Z Explanations of Neutral Current B Anomalies by Ben Allanach (University of Cambridge)

Z Explanations of Neutral Current B Anomalies by Ben Allanach (University of Cambridge) Can we directly discover particles from explanations? Third Family Hypercharge Model General SM U (1) model BCA, Gripaios, You,

990 views • 75 slides
The Golden Age of Chirality and Quantum Mechanics Karl Landsteiner Instituto de Fsica Terica

The Golden Age of Chirality and Quantum Mechanics Karl Landsteiner Instituto de Fsica Terica

The Golden Age of Chirality and Quantum Mechanics Karl Landsteiner Instituto de Fsica Terica UAM-CSIC Theoretical Physics Colloquium , Arizona State University , April 8 th , 2020 Outline Introduction Anomalies Theory of

1.24k views • 39 slides
Performance Measurement in 3G Networks Qiang Xu*, Alexandre Gerber ++ , Z. Morley Mao*, Jeffrey

Performance Measurement in 3G Networks Qiang Xu*, Alexandre Gerber ++ , Z. Morley Mao*, Jeffrey

AccuLoc: Practical Localization of Performance Measurement in 3G Networks Qiang Xu*, Alexandre Gerber ++ , Z. Morley Mao*, Jeffrey Pang ++ * University of Michigan Ann Arbor ++ AT&T Labs Research Visibility of Device in Cellular Network X X

588 views • 21 slides
Challenges in Vessel Behavior and Anomaly Detection: From Classical Machine Learning to Deep

Challenges in Vessel Behavior and Anomaly Detection: From Classical Machine Learning to Deep

Challenges in Vessel Behavior and Anomaly Detection: From Classical Machine Learning to Deep Learning Lucas May Petry 1 , Amilcar Soares 2 , Vania Bogorny 1 , Bruno Brandoli 2 , Stan Matwin 2 1 Programa de Ps-Graduao em Cincias da

1.26k views • 16 slides

More recommend