poster an empirical comparative measurement on real ics
play

(POSTER) An Empirical Comparative Measurement on Real ICS Network - PowerPoint PPT Presentation

Jul 13, 2023 •410 likes •507 views

(POSTER) An Empirical Comparative Measurement on Real ICS Network Tra ffi c to Internet Tra ffi c Chanwoo Bae, Won-Seok Hwang National Security Research Institute (NSRI) Motivation Cyber-Physical Systems = Industrial Control Systems

  1. 
 (POSTER) An Empirical Comparative Measurement on Real ICS Network Tra ffi c to Internet Tra ffi c Chanwoo Bae, Won-Seok Hwang National Security Research Institute (NSRI)

  2. Motivation • Cyber-Physical Systems = Industrial Control Systems (ICS) 
 + Software & Network Systems • ICS : machines, physical operations are driving (not human) • Network tra ffi c, any characteristic? • We may guess but no proper measurement! Let’s measure!

  3. Data Collection • Domain-scale networks 
 - Campus vs ICS 
 - Not Global-scale such as BGP • ICS Network Tra ffi c 
 - Two Water Treatment Facilities (let’s say ICS-I, ICS-II ) 
 - real-world sites in South Korea • Public Internet Tra ffi c (Campus Networks) 
 - Auckland Univ. (wand.net.nz, lets say INT-A ) 
 - Wisconsin (pages.cs.wisc.edu/~tbenson/, lets say INT-U )

  4. Traffic Utilization • ICS tra ffi c 
 - Carrying control messages + oracle DB 
 - machines generate tra ffi c • Internet tra ffi c 
 - HTTP + HTTPS + DNS are most * Modbus, LS-IS : Control Protocols for PLC

  5. Network Graph Analysis • Build Graph From the network tra ffi c 
 - aka., Tra ffi c Dispersion Graph [1] 
 - Nodes = distinct IPs 
 - Edges = at least one packet ICS-I ICS-II INT-A INT-U [1] M. Iliofotou et al, Network Monitoring using Tra ffi c Dispersion Graphs (TDG), Sigcomm 07

  6. Network Graph Analysis • Community size distribution 
 - Using community discovery algorithm 
 - Good to know group activity pattern • Results 
 - ICS tra ffi c : relatively small size of group (20~40) 
 - Internet tra ffi c : massive size of group (~100)

  7. Network Graph Analysis • Joint Degree Distributions 
 - Brightness in (x,y) : how many edges connecting 
 degree x node and degree y node • ICS Tra ffi c 
 - clustered by evenly 
 distributed communities 
 - p2p networks in 
 each community • Internet Tra ffi c 
 - right upper, left bottom areas 
 - few selected nodes dominate 
 most edges (famous sites)

  8. Time-Series Analysis • Time-Series Analysis 
 - How Dynamic? 0-N Edges, Jaccard Index [2] 
 - How Periodic? Autocorrelation Method 
 - Detail score : refer the paper • Results 
 - ICS tra ffi c is less dynamic than Internet tra ffi c 
 (maybe repeatedly operate same logic) 
 - All flows are not periodic in ICS tra ffi c, 
 but flows of industrial protocols are relatively periodic [2] M. Iliofotou et al, Exploiting dynamicity in graph-based tra ffi c analysis, CoNEXT 09

  9. Thanks • Source code for this paper is available at cwb.kr:8080 • We are happy to open anomaly dataset from an ICS 
 - Search “HAI Dataset” on Google • You can freely send me any questions to me !! 
 - cwbae@nsr.re.kr

Recommend

Poster Session-1 February 27 th , 2017, 13.00 -15.00 h Track D1: Biodiesel and Bio-Ethanol Paper

Poster Session-1 February 27 th , 2017, 13.00 -15.00 h Track D1: Biodiesel and Bio-Ethanol Paper

Poster Session-1 February 27 th , 2017, 13.00 -15.00 h Track D1: Biodiesel and Bio-Ethanol Paper Poster Authors Poster Title ID. Number Prajeesh K.V., Meena Sankar, Comparative Evaluation of Beta- 11 D101 Rajasree Kuniparambil, Amith

236 views • 12 slides
Poster A1 Poster A2 Poster A3 Poster A4 Poster A5 Poster A6 Investigation of a passive

Poster A1 Poster A2 Poster A3 Poster A4 Poster A5 Poster A6 Investigation of a passive

Poster A1 Poster A2 Poster A3 Poster A4 Poster A5 Poster A6 Investigation of a passive inter-limb device on step-to- step transition of human walking J Zhang: Queens University, Canada Q Li: Queens University, Canada A passive

734 views • 28 slides
POSTER PRESENTATION & POSTER DESIGN GUIDELINES PRESENTING YOUR POSTER The poster sessions

POSTER PRESENTATION & POSTER DESIGN GUIDELINES PRESENTING YOUR POSTER The poster sessions

POSTER PRESENTATION & POSTER DESIGN GUIDELINES PRESENTING YOUR POSTER The poster sessions are scheduled for presentation in the main exhibitors area where lunch and morning and afternoon breaks are held. The poster boards will be position

347 views • 3 slides
NDN, CoAP, and MQTT: A Comparative Measurement Study in the IoT ACM ICN 2018, Boston Cenk

NDN, CoAP, and MQTT: A Comparative Measurement Study in the IoT ACM ICN 2018, Boston Cenk

NDN, CoAP, and MQTT: A Comparative Measurement Study in the IoT ACM ICN 2018, Boston Cenk Gndoan 1 Peter Kietzmann 1 Martine Lenders 2 Hauke Petersen 2 Thomas C. Schmidt 1 Matthias Whlisch 2 1 HAW Hamburg 2 Freie Universitt Berlin CoAP

1.12k views • 56 slides
1 Sample Poster Arrangements The following three images are sample layouts for a poster

1 Sample Poster Arrangements The following three images are sample layouts for a poster

GUIDELINES FOR POSTER PRESENTATION Usually 10 posters will be presented in a session of about 1 hour. Poster presenter will interact with the audience personally, on a one to one basis. As you plan for your poster, please keep in mind the

581 views • 3 slides
If you have more than 1 poster in two different divisions, your poster assignments WILL NOT

If you have more than 1 poster in two different divisions, your poster assignments WILL NOT

ASEE 2020 Poster Presentation Guidelines The information below pertains to the 2020 Best Paper Nominees, the NSF Grantees, and the Division Poster Sessions. Poster Hanging/Removal Times To ensure that all posters are hung in time for the opening

356 views • 3 slides
Does Comparative Advantage Induce Unilateral Liberalization? The Case of Services Erik van der

Does Comparative Advantage Induce Unilateral Liberalization? The Case of Services Erik van der

Does Comparative Advantage Induce Unilateral Liberalization? The Case of Services Erik van der Marel ECIPE January 31, 2014 Abstract This paper addresses the empirical question whether having comparative advantage leads countries to

418 views • 25 slides
Poster Presentations Poster No. 01-40: Poster session-1 (Monday, 09 October, 2017) Poster No.

Poster Presentations Poster No. 01-40: Poster session-1 (Monday, 09 October, 2017) Poster No.

IBAC 2017 Haridwar, India Poster Presentations Poster No. 01-40: Poster session-1 (Monday, 09 October, 2017) Poster No. 41-80: Poster session-2 (Tuesday, 10 October, 2017) P. Title of abstract Presenter Affiliation No Effect of traffic

643 views • 6 slides
Empirical Requirements of Resilience Measurement Focus on Shocks and Stressors Mark A. Constas

Empirical Requirements of Resilience Measurement Focus on Shocks and Stressors Mark A. Constas

Empirical Requirements of Resilience Measurement Focus on Shocks and Stressors Mark A. Constas Applied Economics and Policy Cornell University Presented at the USAID Evidence Forum on Resilience October 2, 2017 Washington D.C. Background

178 views • 14 slides
Poster Presentation Guidelines Version 1 .0 - 28 October 20 13 POSTER SUBMI SSI ON Poster

Poster Presentation Guidelines Version 1 .0 - 28 October 20 13 POSTER SUBMI SSI ON Poster

Poster Presentation Guidelines Version 1 .0 - 28 October 20 13 POSTER SUBMI SSI ON Poster submissions are accepted until Monday 10 February 2014 An electronic version of your poster must be forwarded to Anthony Kachenko, Nursery & Garden

601 views • 3 slides
Real-Time Performance of Linux Among others: A Measurement-Based Analysis of the Real-Time

Real-Time Performance of Linux Among others: A Measurement-Based Analysis of the Real-Time

CPSC-663: Real-Time Systems Linux, Preemption, and Real-Time Real-Time Performance of Linux Among others: A Measurement-Based Analysis of the Real-Time Performance of Linux (L. Abeni , A. Goel, C. Krasic, J. Snow, J. Walpole) [RTAS

472 views • 9 slides
Performance Optimization: Performance Optimizatio n: Simulation and Real Measurement Simulation

Performance Optimization: Performance Optimizatio n: Simulation and Real Measurement Simulation

Performance Optimization: Performance Optimizatio n: Simulation and Real Measurement Simulation and Real Measurement Josef Weidendorfer KDE Developer Conference 2004 Ludwigsburg, Germany Agenda Agenda Introduction Performance

492 views • 30 slides
graphics. Please use a consistent style and sequence (left to right or top to bottom) to guide the

graphics. Please use a consistent style and sequence (left to right or top to bottom) to guide the

Poster Presentation Guidelines To be considered for the poster presentation, the authors must submit poster title, abstract and the PDF version of the poster at the initial submission (May 2020). 1 Poster Title A title that is reflective of the

644 views • 3 slides
Poster Presentation Information for CRYO2016 Poster Boards This year poster boards are being

Poster Presentation Information for CRYO2016 Poster Boards This year poster boards are being

Poster Presentation Information for CRYO2016 Poster Boards This year poster boards are being supplied by Freeman of Ottawa, Canada. Each poster board is double-sided and has a surface area measuring of 8 (243.8 cm) wide by 4 (121.9 cm)

464 views • 4 slides
Advancing pricing capabilities with new data Tom Gregorson Big Data Empirical measurement of

Advancing pricing capabilities with new data Tom Gregorson Big Data Empirical measurement of

Advancing pricing capabilities with new data Tom Gregorson Big Data Empirical measurement of Bayesian Statistics disutility costs observe customer choices Machine Learning 4 Calculate customer disutility Disutility cost perceived

259 views • 11 slides
Big Data and the Measurement of Prices and Real Economic Activity: A Better, Faster, Cheaper

Big Data and the Measurement of Prices and Real Economic Activity: A Better, Faster, Cheaper

Big Data and the Measurement of Prices and Real Economic Activity: A Better, Faster, Cheaper Approach Stephen J. Redding David E. Weinstein Princeton and NBER Columbia and NBER June, 2016 1 / 11 Bar Codes and Measurement: New Approaches

293 views • 11 slides
Poster Discussion and Poster Presentation Guidelines Poster

Poster Discussion and Poster Presentation Guidelines Poster

Poster Discussion and Poster Presentation Guidelines Poster Guidelines___________________________________________________________________________________ Format and File Type : All Posters should be in LANDSCAPE (horizontal) format and saved as a

478 views • 3 slides
Critique #2 M. Sha, G. Hackmann and C. Lu, Real-world Empirical Studies on Multi- Channel

Critique #2 M. Sha, G. Hackmann and C. Lu, Real-world Empirical Studies on Multi- Channel

Critique #2 M. Sha, G. Hackmann and C. Lu, Real-world Empirical Studies on Multi- Channel Reliability and Spectrum Usage for Home-Area Sensor Networks, IEEE Transactions on Network and Service Management, 10(1): 56-69, March 2013. Due on

707 views • 28 slides
Paper: Optimal Kronecker-Sum Approximation of Real Time Recurrent Learning Poster: Online &

Paper: Optimal Kronecker-Sum Approximation of Real Time Recurrent Learning Poster: Online &

Paper: Optimal Kronecker-Sum Approximation of Real Time Recurrent Learning Poster: Online & Untruncated Gradients for RNNs Frederik Benzing*, Marcelo Matheus Gauy*, Asier Mujika, Anders Martinsson, Angelika Steger Department for Computer

570 views • 8 slides
Comparative Presentation of Real-Time Obstacle Avoidance Algorithms Using Solely Stereo Vision

Comparative Presentation of Real-Time Obstacle Avoidance Algorithms Using Solely Stereo Vision

Comparative Presentation of Real-Time Obstacle Avoidance Algorithms Using Solely Stereo Vision Ioannis Kostavelis, Lazaros Nalpantidis and Antonios Gasteratos Robotics and Automation Lab., Production and Management Engineering Dept., Democritus

553 views • 5 slides
Poster & Final Presentation Poster Due: Sunday, May 31, 2015 (11:00 PM) Poster Revisions Due:

Poster & Final Presentation Poster Due: Sunday, May 31, 2015 (11:00 PM) Poster Revisions Due:

CS 377E Spring 2015: Assignment 9 Instructors: Tanja Aitamurto and James Landay, CA Makiko Fujimoto Poster & Final Presentation Poster Due: Sunday, May 31, 2015 (11:00 PM) Poster Revisions Due: Monday, June 1, 2015 (noon) Slides Due: Monday,

302 views • 5 slides
POSTER PRESENTATIONS There are two poster sessions on 26 and 27 June, respectively, proceeded

POSTER PRESENTATIONS There are two poster sessions on 26 and 27 June, respectively, proceeded

POSTER PRESENTATIONS There are two poster sessions on 26 and 27 June, respectively, proceeded by a brief oral introduction session (1 min, 1 slide for each poster; see workshop schedule). However, all posters will be displayed during the

364 views • 5 slides
Poster (H) Display Board 950 mm (W) 1 2. Posters must be written in English . Each poster must

Poster (H) Display Board 950 mm (W) 1 2. Posters must be written in English . Each poster must

Poster Presentation Guidelines 1. All presenters are required to register in the conference. 2. All posters are developed by presenters at their own cost. 3. Adhesive velcro will be provided on site for poster mounting. Push pins and staples are

521 views • 3 slides
POSTER PRESENTATIONS Poster Presenter Poster Title Country A.A. Nayl Recovery and Separation

POSTER PRESENTATIONS Poster Presenter Poster Title Country A.A. Nayl Recovery and Separation

POSTER PRESENTATIONS Poster Presenter Poster Title Country A.A. Nayl Recovery and Separation of Lanthanides from Phosphogypsum KSA P1 F. Alkhtatbeh Electrochemical Deposition of Cu-Doped ZnO Nanostructures for Sensing Jordan P2

189 views • 5 slides

More recommend