Identification of industrial devices based on payload
| dc.contributor.author | Pospíšil, Ondřej | cs |
| dc.contributor.author | Fujdiak, Radek | cs |
| dc.date.accessioned | 2025-02-27T17:24:13Z | |
| dc.date.available | 2025-02-27T17:24:13Z | |
| dc.date.issued | 2024-07-30 | cs |
| dc.description.abstract | Identification of industrial devices based on their behavior in network communication is important from a cybersecurity perspective in two areas: attack prevention and digital forensics. In both areas, device identification falls under asset management or asset tracking. Due to the impact of active scanning on these networks, particularly in terms of latency, it is important to use passive scanning in industrial networks. For passive identification, statistical learning algorithms are nowadays the most appropriate. The aim of this paper is to demonstrate the potential for passive identification of PLC devices using statistical learning based on network communication, specifically the payload of the packet. Individual statistical parameters from 15 minutes of traffic based on payload entropy were used to create the features. Three scenarios were performed and the XGBoost algorithm was used for evaluation. In the best scenario, the model achieved an accuracy score of 83% to identify individual devices. | en |
| dc.format | text | cs |
| dc.format.extent | 1-9 | cs |
| dc.format.mimetype | application/pdf | cs |
| dc.identifier.citation | ARES '24: Proceedings of the 19th International Conference on Availability, Reliability and Security. 2024, p. 1-9. | en |
| dc.identifier.doi | 10.1145/3664476.3670462 | cs |
| dc.identifier.isbn | 979-8-4007-1718-5 | cs |
| dc.identifier.orcid | 0000-0002-8347-4847 | cs |
| dc.identifier.orcid | 0000-0002-8319-0633 | cs |
| dc.identifier.other | 189222 | cs |
| dc.identifier.scopus | 56610269000 | cs |
| dc.identifier.uri | https://hdl.handle.net/11012/250065 | |
| dc.language.iso | en | cs |
| dc.publisher | Association for Computing Machinery | cs |
| dc.relation.ispartof | ARES '24: Proceedings of the 19th International Conference on Availability, Reliability and Security | cs |
| dc.relation.uri | https://dl.acm.org/doi/10.1145/3664476.3670462 | cs |
| dc.rights | Creative Commons Attribution 4.0 International | cs |
| dc.rights.access | openAccess | cs |
| dc.rights.uri | http://creativecommons.org/licenses/by/4.0/ | cs |
| dc.subject | PLC | en |
| dc.subject | OT | en |
| dc.subject | Identification | en |
| dc.subject | ICS | en |
| dc.subject | ML | en |
| dc.subject | XGBoost | en |
| dc.title | Identification of industrial devices based on payload | en |
| dc.type.driver | conferenceObject | en |
| dc.type.status | Peer-reviewed | en |
| dc.type.version | publishedVersion | en |
| eprints.grantNumber | info:eu-repo/grantAgreement/TA0/FW/FW06010490 | cs |
| sync.item.dbid | VAV-189222 | en |
| sync.item.dbtype | VAV | en |
| sync.item.insts | 2025.02.27 18:24:12 | en |
| sync.item.modts | 2025.02.21 11:31:56 | en |
| thesis.grantor | Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií. Ústav telekomunikací | cs |
Files
Original bundle
1 - 1 of 1
Loading...
- Name:
- 3664476.3670462.pdf
- Size:
- 642.09 KB
- Format:
- Adobe Portable Document Format
- Description:
- file 3664476.3670462.pdf