With the advent of the Fourth Industrial Revolution, industrial control systems (ICS) are adopting Ethernet-based communication. Connectivity and interoperability have increased as a result, but new security threats are emerging as the boundaries between hierarchical levels disappear and connections to external devices multiply. Because ICS are deployed in critical infrastructure, a successful cyberattack causes enormous social and economic damage. ICS cyberattacks are in fact increasing, and they are becoming more sophisticated and advanced. Coping with such attacks requires an anomaly detection system specialized for ICS, yet security incidents are expected to continue because most ICS sites still rely on security based on network isolation alone.
In this thesis, we propose an anomaly detection framework for detecting cyberattacks in Ethernet-based ICS networks. The proposed framework is based on traffic classification and protocol reverse engineering methods that do not require detailed knowledge of each site.
For traffic classification and protocol reverse engineering, we propose a series of techniques that infer message structure and semantics from collected network data, extracting characteristics that can be used for anomaly detection without detailed knowledge of each site.
For anomaly detection, we propose a framework that implements a defense-in-depth approach based on the determinism of the extracted characteristics. We verify the effectiveness of these techniques experimentally against expert-knowledge-based methods.
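As an added illustration of the approach the abstract outlines (example code written for this page, not the thesis's own method or tooling): field boundaries are inferred from how byte values vary across captured messages, a whitelist of observed values is learned for the deterministic (constant or enumerated) fields, and a message that deviates from that whitelist is flagged. The 8-byte message layout, the constructed training traffic, the `ENUM_MAX` threshold and the helper names are all assumptions made for the demonstration and are not taken from the thesis.

```python
from collections import Counter

ENUM_MAX = 8  # assumption: an offset with more distinct byte values than this is free-varying

# Constructed training traffic: 40 hypothetical 8-byte request messages.
# The layout is assumed for illustration only and is not a real ICS protocol:
#   magic (2 B) | unit id (1 B) | function (1 B) | register (2 B) | value (2 B)
MAGIC = b"\x5a\xa5"


def make_message(unit, func, reg, val):
    return MAGIC + bytes([unit, func]) + reg.to_bytes(2, "big") + val.to_bytes(2, "big")


REGISTERS = [0x1000, 0x1004, 0x2008, 0x200C]
TRAIN = [
    make_message(1, (0x03, 0x06)[i % 2], REGISTERS[i % 4], (i * 31153) & 0xFFFF)
    for i in range(40)
]


def classify_offsets(msgs):
    """Per byte offset: 'const' (one value), 'enum' (few values) or 'var' (many values)."""
    classes = []
    for off in range(len(msgs[0])):
        n = len({m[off] for m in msgs})
        classes.append("const" if n == 1 else "enum" if n <= ENUM_MAX else "var")
    return classes


def _moves_together(msgs, a, b):
    """True when bytes a and b, taken jointly, are no more diverse than the more diverse
    one alone, i.e. one byte determines the other, as adjacent bytes of one field do."""
    joint = len({m[a:b + 1] for m in msgs})
    return joint == max(len({m[a] for m in msgs}), len({m[b] for m in msgs}))


def infer_fields(msgs):
    """Group adjacent byte offsets into (start, end, class) fields without a protocol spec."""
    classes = classify_offsets(msgs)
    fields, start = [], 0
    for off in range(1, len(classes)):
        same = classes[off] == classes[off - 1]
        if same and classes[off] == "enum":
            same = _moves_together(msgs, off - 1, off)
        if not same:
            fields.append((start, off, classes[start]))
            start = off
    fields.append((start, len(classes), classes[start]))
    return fields


def learn_model(msgs):
    """Deterministic model: observed value set of every const/enum field plus message length."""
    allowed = {}
    for start, end, cls in infer_fields(msgs):
        if cls != "var":
            allowed[(start, end)] = {m[start:end] for m in msgs}
    return {"length": len(msgs[0]), "allowed": allowed}


def detect(model, msg):
    """Return a list of alerts; an empty list means the message fits the learned behaviour."""
    if len(msg) != model["length"]:
        return [f"length {len(msg)} != {model['length']}"]
    alerts = []
    for (start, end), values in model["allowed"].items():
        if msg[start:end] not in values:
            alerts.append(f"bytes[{start}:{end}] = {msg[start:end].hex()} never seen in training")
    return alerts


if __name__ == "__main__":
    model = learn_model(TRAIN)
    print("inferred fields:", infer_fields(TRAIN))
    print("value counts per field:",
          {k: len(v) for k, v in model["allowed"].items()})
    for label, msg in [
        ("benign, new value", make_message(1, 0x03, 0x1004, 0xBEEF)),
        ("unknown function", make_message(1, 0x10, 0x1000, 0)),
        ("unknown register", make_message(1, 0x06, 0x3000, 0)),
        ("unknown unit id", make_message(2, 0x03, 0x1000, 0)),
        ("truncated", make_message(1, 0x03, 0x1000, 0)[:6]),
    ]:
        print(f"{label:18s} -> {detect(model, msg) or 'ok'}")
```

On the constructed traffic the inference recovers four fields: a 3-byte constant (the magic bytes and the unit id merge, because a site with a single device gives no variation to separate them), a 1-byte enumerated function code, a 2-byte enumerated register address, and a 2-byte free-varying value that is deliberately left out of the whitelist. That merge is the point of the "without detailed knowledge of each site" caveat: the boundaries are only as fine as the observed variation, so a field that never varies in the training capture cannot be told apart from its neighbours. A real deployment would layer further deterministic checks (message sequencing, timing, per-flow direction) on top of this per-field whitelist rather than rely on it alone.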