Title :
Automating security tests for industrial automation devices using neural networks
Author :
Medeiros, João Paulo S ; da Cunha, Allison C. ; Brito, Agostinho M. ; Pires, Paulo S Motta
Author_Institution :
Fed. Univ. of Rio Grande do Norte, Natal
Abstract :
TCP/IP OS fingerprinting is the task of identify a machine operating system according to its protocol stack implementation. Fingerprinting tools are able to provide information that can be useful to protect SCADA systems. It can be used for network device inventory, detect unauthorized or dangerous devices and select security tests. In this work we propose a new method for identify and classify network devices using the nmap tool fingerprinting capabilities and a neural network. With a new metric based on Euclidean distance for comparing OS fingerprints and a self-organizing neural net, we build a contextual map that groups similarities between systems. This map will be used to identify devices based on its operating system and select security tests according to the device class it belongs to.
Keywords :
SCADA systems; authorisation; operating systems (computers); production engineering computing; self-organising feature maps; Euclidean distance; SCADA system protection; TCP/IP OS fingerprinting; contextual map; dangerous device detection; industrial automation devices; machine operating system; network device inventory; neural networks; nmap fingerprint signatures; protocol stack; security test automation; self-organizing neural net; unauthorized device detection; Automatic testing; Automation; Fingerprint recognition; Information security; Neural networks; Operating systems; Protection; Protocols; SCADA systems; TCPIP;
Conference_Titel :
Emerging Technologies and Factory Automation, 2007. ETFA. IEEE Conference on
Conference_Location :
Patras
Print_ISBN :
978-1-4244-0825-2
Electronic_ISBN :
978-1-4244-0826-9
DOI :
10.1109/EFTA.2007.4416854
