Papers by Pedro Silva
Intrusion detection systems (IDS) monitor network or system activities for malicious activities or policy violations. As passive and non-intrusive safeguards, they are particularly useful in mission-critical networks such as industrial control systems (ICS). Such systems are particularly vulnerable to malicious attacks, which have increased significantly in recent years. However, IDS in ICS require different approaches to intrusion detection that go beyond conventional blacklisting/whitelisting. This paper examines a new technique based on the K-Nearest Neighbour scoring algorithm to discover periodic patterns in ICS network traffic.

Thesis Chapters by Pedro Silva

Intrusion detection systems (IDS) monitor network or system activities for malicious activities or policy violations. As passive and non-intrusive safeguards, they are particularly useful in mission-critical networks such as industrial control systems (ICS). Such systems are particularly vulnerable to malicious attacks, which have increased significantly in recent years. However, IDS in ICS require different approaches to intrusion detection that go beyond conventional blacklisting/whitelisting. This thesis examines a new technique based on the K-Nearest Neighbour scoring algorithm to discover periodic patterns in ICS network traffic. Network traffic whitelisting is used to find anomalies, and heuristic model detection is used to discard false alarms. The algorithm is evaluated against datasets generated in a test bed. While the results show the approach is feasible with low false positive rates, there are some implementation limitations that can be improved. Possible future work is also discussed.