skip to main content
OSTI.GOV title logo U.S. Department of Energy
Office of Scientific and Technical Information

Title: Industrial control system device classification using network traffic features and neural network embeddings

Journal Article · · Array (New York)
ORCiD logo [1]; ORCiD logo [1]; ORCiD logo [1]
  1. Lawrence Livermore National Lab. (LLNL), Livermore, CA (United States)
+ Show Author Affiliations

Characterization of modern cyber–physical Industrial Control System (ICS) devices is critical to the evaluation of their security posture and an understanding of the underlying industrial processes with which they interact. In this work, we address two related ICS device identification tasks: (1) separating ICS from non-ICS devices and (2) identifying specific ICS device types. We propose two distinct methods (one based on the existing IP2Vec method, and a novel traffic-features-based method) for achieving the first task. For transferability of the first task between two datasets, the traffic-features-based method performs significantly better (75% overall accuracy) compared to IP2Vec (22.5% overall accuracy). We further propose a novel method called DNP2Vec to address the second task. DNP2Vec is evaluated on two different datasets and achieves perfect multi-class classification accuracy (100%) for both datasets.

Research Organization:
Lawrence Livermore National Laboratory (LLNL), Livermore, CA (United States)
Sponsoring Organization:
USDOE National Nuclear Security Administration (NNSA); USDOE Laboratory Directed Research and Development (LDRD) Program
Grant/Contract Number:
AC52-07NA27344
OSTI ID:
1835680
Report Number(s):
LLNL-JRNL-819535; 1029789
Journal Information:
Array (New York), Vol. 12; ISSN 2590-0056
Publisher:
ElsevierCopyright Statement
Country of Publication:
United States
Language:
English

References (9)

Network Traffic Classification by Packet Length Signature Extraction conference November 2019
Gene Selection for Cancer Classification using Support Vector Machines journal January 2002
Machine Learning for the New York City Power Grid journal February 2012
Detecting Cyber Attacks in Industrial Control Systems Using Convolutional Neural Networks
  • Kravchik, Moshe; Shabtai, Asaf
  • CCS '18: 2018 ACM SIGSAC Conference on Computer and Communications Security, Proceedings of the 2018 Workshop on Cyber-Physical Systems Security and PrivaCy https://doi.org/10.1145/3264888.3264896
conference October 2018
Theory and applications of neural networks for industrial control systems journal January 1992
Towards automatic fingerprinting of IoT devices in the cyberspace journal January 2019
Network Video Traffic Classification Using Feature Fusion conference December 2020
Learning Automata Based Feature Selection for Network Traffic Intrusion Detection conference June 2018
Adaptive Stochastic Control for the Smart Grid journal June 2011

Similar Records

Authentication Protocol for ICS without Encryption
Conference · Mon Jul 01 00:00:00 EDT 2019 · OSTI ID:1835680
Device Classification for Industrial Control Systems Using Predicted Traffic Features
Journal Article · Wed Mar 16 00:00:00 EDT 2022 · Frontiers in Computer Science · OSTI ID:1835680
Two-Stream Multi-Channel Convolutional Neural Network for Multi-Lane Traffic Speed Prediction Considering Traffic Volume Impact
Journal Article · Sat Mar 07 00:00:00 EST 2020 · Transportation Research Record · OSTI ID:1835680
+1 more

Related Subjects

42 ENGINEERING
Industrial Control Systems
SCADADevice classification
Machine learning
Neural network embeddings
DNP2Vec