U.S. Department of Energy
Office of Scientific and Technical Information

Sequence-Based Anomaly Detection in Critical Infrastructure Networks

Conference · OSTI ID: 3023455
United States critical infrastructure faces new cyber threats from adversarial nation-state actors in the form of malware-free attacks. Traditional cybersecurity techniques use rules-based methods to identify indicators of compromise on networks and often miss these sophisticated attacks. Our approach leverages multiple state-of-the-art machine learning models in a pipeline to identify abnormal network events through sequential analysis. We combine both device-level and packet-level information into individual events to characterize anomalous network actions. The model is trained and tested on real network traffic from the Idaho National Laboratory High Performance Computing (HPC) environment, achieving greater than 98% precision. It is capable of flagging malicious tactics used by adversaries in malware-free attacks, severe changes to the network, and abnormal user activity by network devices.
Research Organization:
Idaho National Laboratory (INL), Idaho Falls, ID (United States)
Sponsoring Organization:
USDOE Office of Nuclear Energy (NE)
DOE Contract Number:
AC07-05ID14517
OSTI ID:
3023455
Report Number(s):
INL/MIS-24-79682
Resource Type:
Conference proceedings
Conference Information:
Idaho National Laboratory Intern Poster Session, Idaho Falls, 04/07/2024 - 04/07/2024
Country of Publication:
United States
Language:
English

Similar Records

Real-Time SCADA Cyber Protection Using Compression Techniques
Conference · Thu Oct 31 20:00:00 EDT 2013 · OSTI ID:1122126

SCADA Protocol Anomaly Detection Utilizing Compression (SPADUC) 2013
Technical Report · Mon Dec 31 23:00:00 EST 2012 · OSTI ID:1070143

PRECURSOR ANALYSIS REPORT: INDUSTROYER2 AND WIPER MALWARE TARGETING UKRAINIAN ENERGY PROVIDER 2022
Technical Report · Mon Oct 13 20:00:00 EDT 2025 · OSTI ID:3030047