Open Access Article
Future Internet 2013, 5(4), 460-473; doi:10.3390/fi5040460

Network Traffic Features for Anomaly Detection in Specific Industrial Control System Network

VTT Technical Research Centre of Finland, Kaitovayla 1, Oulu 90571, Finland
Author to whom correspondence should be addressed.
Received: 27 June 2013 / Revised: 5 August 2013 / Accepted: 10 September 2013 / Published: 25 September 2013
(This article belongs to the Special Issue Security of Systems and Software Resiliency)


The deterministic and restricted nature of industrial control system networks sets them apart from more open networks, such as local area networks in office environments. This improves the usability of network security monitoring approaches that would be less feasible in more open environments. One such approach is machine learning based anomaly detection. Without proper customization for the special requirements of the industrial control system network environment, many existing anomaly or misuse detection systems will perform sub-optimally. A machine learning based approach could reduce the amount of manual customization required for different industrial control system networks. In this paper we analyze a possible set of features to be used in a machine learning based anomaly detection system in the real-world industrial control system network environment under investigation. The network under investigation is represented by an architectural drawing and results derived from network trace analysis. The network trace is captured from a live running industrial process control network and includes both control data and the data flowing between the control network and the office network. We limit the investigation to the IP traffic in the traces.
Keywords: industrial control systems; anomaly detection; machine learning; network security


This is an open access article distributed under the Creative Commons Attribution License (CC BY 3.0).


MDPI and ACS Style

Mantere, M.; Sailio, M.; Noponen, S. Network Traffic Features for Anomaly Detection in Specific Industrial Control System Network. Future Internet 2013, 5, 460-473.
