Anomaly Detection Using Visualization-based Network Forensics

Vol. 27, No. 1, pp. 25-38, Feb. 2017
DOI: 10.13089/JKIISC.2017.27.1.25
Keywords: Industrial Control System, Industrial IoT, Visualization, Network Forensics, DNP3
Abstract

Many security threats are occurring around the world because of the characteristics of industrial control systems, where a security incident can cause serious damage, including to major national infrastructure. Industrial control system network traffic should therefore be analyzed so that an attack can be identified in advance or incident response can be performed after an incident. In this paper, we study visualization as a network forensics technique that enables reasonable suspicion of all possible attacks on the DNP3 control system protocol, define rules based on normal behavior, and derive visualization requirements. As a result, we developed a visualization tool that can detect sudden changes in network traffic, such as DDoS, and attacks that involve abnormal behavior, from packet files captured on an industrial control system network. Suspicious behavior in the industrial control system network can be found using the visualization tool with the Digital Bond packet data.
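The abstract describes two detection ideas, normal-behavior rules for DNP3 and detection of sudden traffic changes, and a visualization of the result. The following is an added example written for this page, not the authors' tool: it applies a master/outstation role rule set and a per-second rate check to a constructed set of DNP3 packet summaries and renders a text timeline. The host addresses, the role assignments, the permitted function codes per role, and the traffic itself are all assumptions for the example; only the DNP3 function-code values are the standard ones.

```python
"""Added example: rule-based and rate-based anomaly detection over DNP3
traffic summaries, plus a text timeline for visual inspection.
Not the paper's tool; the packet records below are constructed."""
from collections import Counter
from dataclasses import dataclass
from statistics import median

# DNP3 application-layer function codes (IEEE 1815) used in this example.
FC_NAMES = {0x00: "CONFIRM", 0x01: "READ", 0x02: "WRITE", 0x05: "DIRECT_OPERATE",
            0x0D: "COLD_RESTART", 0x15: "DISABLE_UNSOLICITED",
            0x81: "RESPONSE", 0x82: "UNSOLICITED_RESPONSE"}


@dataclass(frozen=True)
class Pkt:
    ts: float   # seconds since capture start
    src: str
    dst: str
    fc: int     # DNP3 function code


# "Normal action" rules for this constructed network (assumed): one master,
# two outstations, and the function codes each role is expected to send.
MASTER = "10.0.0.1"
OUTSTATIONS = {"10.0.0.10", "10.0.0.11"}
MASTER_FCS = {0x00, 0x01, 0x02, 0x05}
OUTSTATION_FCS = {0x00, 0x81, 0x82}


def rule_alerts(pkts):
    """Flag packets that violate the role rules: wrong direction, unknown
    peer, or a function code the sending role is not expected to use."""
    alerts = []
    for p in pkts:
        if p.src == MASTER and p.dst in OUTSTATIONS:
            ok = p.fc in MASTER_FCS
        elif p.src in OUTSTATIONS and p.dst == MASTER:
            ok = p.fc in OUTSTATION_FCS
        else:
            ok = False  # unknown host, or outstation-to-outstation traffic
        if not ok:
            alerts.append((p.ts, p.src, p.dst, FC_NAMES.get(p.fc, hex(p.fc))))
    return alerts


def rate_alerts(pkts, bin_s=1.0, factor=5):
    """Flag time bins whose packet count exceeds factor x the median bin
    count; the median is robust to the spike it is meant to detect."""
    bins = Counter(int(p.ts // bin_s) for p in pkts)
    counts = [bins.get(b, 0) for b in range(max(bins) + 1)]
    baseline = max(median(counts), 1)
    return [(b, n) for b, n in enumerate(counts) if n > factor * baseline]


def ascii_timeline(pkts, bin_s=1.0, width=40):
    """One line per time bin with a bar scaled to the busiest bin."""
    bins = Counter(int(p.ts // bin_s) for p in pkts)
    peak = max(bins.values())
    lines = []
    for b in range(max(bins) + 1):
        n = bins.get(b, 0)
        bar = "#" * round(width * n / peak)
        lines.append(f"{b * bin_s:6.1f}s |{bar:<{width}}| {n}")
    return lines


def build_sample():
    """Constructed traffic: 10 s of polling at 0.5 s, one restart command,
    one outstation-to-outstation write, then a burst from an unknown host."""
    pkts = []
    for i in range(20):
        t = i * 0.5
        for out in sorted(OUTSTATIONS):
            pkts.append(Pkt(t, MASTER, out, 0x01))          # poll
            pkts.append(Pkt(t + 0.05, out, MASTER, 0x81))   # response
    pkts.append(Pkt(5.3, MASTER, "10.0.0.10", 0x0D))        # not in MASTER_FCS
    pkts.append(Pkt(7.2, "10.0.0.11", "10.0.0.10", 0x02))   # peer-to-peer write
    for k in range(200):                                    # burst in second 10
        pkts.append(Pkt(10.0 + k * 0.004, "10.0.0.99", "10.0.0.10", 0x01))
    return sorted(pkts, key=lambda p: p.ts)


if __name__ == "__main__":
    sample = build_sample()
    print("\n".join(ascii_timeline(sample)))
    print("rate alerts (bin, count):", rate_alerts(sample))
    for a in rule_alerts(sample)[:3]:
        print("rule alert:", a)
```

Running the block prints the timeline, in which the burst in second 10 stands out against the flat polling baseline, one rate alert for that bin, and the first few rule alerts (the COLD_RESTART at 5.3 s, the outstation-to-outstation WRITE at 7.2 s, then the burst packets from the unknown host). Real DNP3 captures would feed this from a pcap parser; the same two checks apply unchanged.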


Cite this article
[IEEE Style]
W. Jo, M. Kim, K. Park, M. Hong, J. Kwak, T. Shon, "Anomaly Detection Using Visualization-based Network Forensics," Journal of The Korea Institute of Information Security and Cryptology, vol. 27, no. 1, pp. 25-38, 2017. DOI: 10.13089/JKIISC.2017.27.1.25.

[ACM Style]
Woo-yeon Jo, Myung-jong Kim, Keun-ho Park, Man-pyo Hong, Jin Kwak, and Taeshik Shon. 2017. Anomaly Detection Using Visualization-based Network Forensics. Journal of The Korea Institute of Information Security and Cryptology, 27, 1, (2017), 25-38. DOI: 10.13089/JKIISC.2017.27.1.25.