Since the early 1960s, industrial process control has been applied by electric systems. In the mid-1970s, the term SCADA emerged, describing the automated control and data acquisition. Since most industrial and automation networks were physically isolated, security was not an issue. This changed when, in the early 2000s, industrial networks were opened to the public internet. The reasons were manifold. Increased interconnectivity led to more productivity, simplicity and ease of use. It decreased the configuration overhead and downtimes for system adjustments. However, it also led to an abundance of new attack vectors. In recent times, there has been a remarkable number of attacks on industrial companies and infrastructures. In this paper, known attacks on industrial systems are analysed. This is done by investigating the exploits that are available from public sources. The different types of attacks and their points of entry are reviewed in this paper. Trends in exploitation as well as targeted attack campaigns against industrial enterprises are introduced.
In the context of the Industrial Internet of Things, communication technology, originally used in home and office environments, is introduced into industrial applications. Commercial off-the-shelf products, as well as unified and well-established communication protocols make this technology easy to integrate and use. Furthermore, productivity is increased in comparison to classic industrial control by making systems easier to manage, set up and configure. Unfortunately, most attack surfaces of home and office environments are introduced into industrial applications as well, which usually have very few security mechanisms in place. Over the last years, several technologies tackling that issue have been researched. In this work, machine learning-based anomaly detection algorithms are employed to find malicious traffic in a synthetically generated data set of Modbus/TCP communication of a fictitious industrial scenario. The applied algorithms are Support Vector Machine (SVM), Random Forest, k-nearest neighbour and k-means clustering. Due to the synthetic data set, supervised learning is possible. Support Vector Machine and k-nearest neighbour perform well with different data sets, while k-nearest neighbour and k-means clustering do not perform satisfactorily.
Since honeypots first appeared as an advanced network security concept, they have suffered from poor deployment and maintenance strategies. State-of-the-art deployment is a manual process in which the honeypot needs to be configured and maintained by a network administrator. In this paper we present a method for a dynamic honeypot configuration, deployment and maintenance strategy based on machine learning techniques. Our method features an identification mechanism for machines and devices in a network. These entities are analysed and clustered. Based on the clusters, honeypots are intelligently deployed in the network. The proposed method needs no configuration and maintenance and is therefore a major advantage for the honeypot technology in modern network security.
One of the major issues in digital forensics and attack analysis is the attribution of an attack to a type of malicious adversary. This is especially important to determine the relevance of an incident with respect to the threat it poses to a system. In this work, a holistic scheme to derive characteristics from honeypot data and to map this data to an attacker model is introduced. This scheme takes data that is provided by deception systems of any kind. After that, characteristics are derived that describe different attributes of an attacker. Those are used to categorise threats into one of nine attacker classes. This scheme has been evaluated with real-world honeypot data. As expected, most attacks are rather harmless, but a few outliers have been identified.