About
Inventors at Georgia Tech have developed a security framework involving software that functions as a network monitoring and intrusion detection system, for use with ICS networks and connected devices like programmable logic controllers (PLCs). The system monitors network traffic, parses control-system-specific network protocols, raises alerts, and identifies changes to the network communication patterns. This information is displayed in a web-based GUI. Included in this system are methods for detecting a program change, whether accidental or malicious, using the variation in the PLC's scan cycle times. The proposed work also embodies a passive fingerprinting technique, using the control messages in the ICS networks to infer the device type or a device's operating condition. The variations in physical characteristics will produce a unique physical response and behavior from each device, thus creating a unique fingerprint.
Key Benefits
Versatile: Has many potential applications
Immediate Feedback: Changes to the system can be identified in real time
Applications
Power generation, transmission, and distribution
Oil and gas distribution
Water treatment
Navy ships' industrial control systems
Army refueling centers
Supervisory control and data acquisition (SCADA)