A Comprehensive Network Anomaly Detection Framework based on Protocol Reverse Engineering for Industrial Control System

DC Field / Value

dc.contributor.advisor: 손태식
dc.contributor.author: 김현진
dc.date.accessioned: 2022-11-29T02:33:04Z
dc.date.available: 2022-11-29T02:33:04Z
dc.date.issued: 2022-02
dc.identifier.other: 31818
dc.identifier.uri: https://dspace.ajou.ac.kr/handle/2018.oak/20561
dc.description: Thesis (Ph.D.) -- Graduate School, Ajou University: Department of AI Convergence Network, 2022. 2
dc.description.tableofcontents:
  Chapter 1 Introduction
    1.1 Overall Framework
    1.2 Contribution to the Field
    1.3 Thesis Outline
  Chapter 2 Background
    2.1 ICS Network
    2.2 ICS Communication Protocols
    2.3 Related Works on Traffic Analysis for ICS Networks
    2.4 Related Works on Protocol Reverse Engineering for ICS
    2.5 Related Works on Anomaly Detection for ICS
  Chapter 3 Protocol Reverse Engineering for ICS
    3.1 Introduction
    3.2 Traffic Classification
    3.3 Protocol Reverse Engineering
    3.4 Correlation Analysis of Payload Fields
    3.5 Discussion
  Chapter 4 Comprehensive Anomaly Detection for ICS
    4.1 Introduction
    4.2 Anomaly Detection Method
    4.3 Experiment
    4.4 Discussion
  Chapter 5 Conclusion
    5.1 Summary
    5.2 Future Works
    5.3 Closing Remark
  Bibliography
dc.language.iso: eng
dc.publisher: The Graduate School, Ajou University
dc.rights: Ajou University theses are protected by copyright.
dc.title: A Comprehensive Network Anomaly Detection Framework based on Protocol Reverse Engineering for Industrial Control System
dc.type: Thesis
dc.contributor.affiliation: Graduate School, Ajou University
dc.contributor.department: Graduate School, Department of AI Convergence Network
dc.date.awarded: 2022. 2
dc.description.degree: Doctoral
dc.identifier.localId: 1244944
dc.identifier.uci: I804:41038-000000031818
dc.identifier.url: https://dcoll.ajou.ac.kr/dcollection/common/orgView/000000031818
dc.subject.keyword: Industrial Control Systems
dc.subject.keyword: anomaly detection
dc.subject.keyword: network security
dc.subject.keyword: protocol reverse engineering
dc.description.alternativeAbstract: With the advent of the Fourth Industrial Revolution, industrial control systems (ICS) are adopting Ethernet-based communication. As a result, connectivity and interoperability have increased, but new security threats are emerging as the boundaries between hierarchical levels disappear and connections to external devices multiply. Since ICS are deployed in critical infrastructure, a successful cyberattack causes enormous social and economic damage. In fact, ICS cyberattacks are increasing, and these attacks are becoming more sophisticated and advanced. To cope with such advanced attacks, an anomaly detection system specialized for ICS should be applied, but security incidents are expected to continue because most ICS sites still rely on the security of an isolated network environment. In this thesis, we propose an anomaly detection framework for detecting cyberattacks in Ethernet-based ICS networks. The proposed framework is based on traffic classification and protocol reverse engineering that require no detailed knowledge of each protocol field. For traffic classification and protocol reverse engineering, a series of techniques is proposed to extract characteristics usable for anomaly detection, without detailed knowledge of each site, by inferring structure and semantics from the collected network data. For anomaly detection, a framework implementing a defense-in-depth approach is proposed based on the deterministic nature of the extracted characteristics. We experimentally verified the effectiveness of these techniques compared with expert-knowledge-based methods.
Appears in Collections:
Graduate School of Ajou University > Department of Artificial Intelligence Convergence Network > 4. Theses(Ph.D)