In an industrial Internet of Things environment many different and interconnected machines communicate with each other. The resulting data flows allow for early threat and anomaly detection: The Fraunhofer SIT experts are using the network traffic of Industrial Control Systems (ICS) as an early warning system for attacks and other undesired modifications.
The Fraunhofer SIT experts are applying methods from machine learning and big data technology in order to identify unknown threats, unauthorized access, network errors and other anomalies within an ICS:
- Based on the company’s normal network, a model is first trained using machine learning; this model then serves as the starting point for the analytic process.
- The anomaly detection system takes this model and applies it to new, live network traffic.
- If occurrences are detected that deviate from the previously trained model (i.e. represent an anomaly), they are identified and reported via a security command centre.
In this way, Fraunhofer SIT helps network providers achieve better data flow transparency within their Industrial Control Systems and detect not only known threats but also previously unknown anomalies that may represent a danger.
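The train, apply and report steps listed above, as an added example that is not Fraunhofer SIT's system or code: a simple per-flow statistical baseline stands in for the machine-learning model. The Modbus-style records, host names and thresholds are constructed assumptions.

```python
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed sample records: (time_window, source, destination, Modbus function code).
# Function code 3 = read holding registers, 16 = write multiple registers.
def make_window(w, polls):
    return [(w, "hmi", "plc1", 3)] * polls + [(w, "hmi", "plc1", 16)]

NORMAL = [r for w, p in enumerate([10, 11, 9, 10, 10, 11, 9, 10])
          for r in make_window(w, p)]
LIVE = (make_window(100, 10)                    # ordinary window
        + make_window(101, 40)                  # polling burst from a known host
        + [(102, "eng-laptop", "plc1", 16)])    # host never seen writing to plc1

def train(records, min_std=1.0):
    """Step 1: learn which (src, dst, func) flows exist and their per-window rate."""
    per_flow = defaultdict(list)
    for (_, src, dst, func), n in Counter(records).items():
        per_flow[(src, dst, func)].append(n)
    # min_std keeps perfectly regular flows from alerting on a one-message change.
    return {f: (mean(c), max(pstdev(c), min_std)) for f, c in per_flow.items()}

def detect(model, records, k=4.0):
    """Steps 2 and 3: apply the model to new traffic and collect deviations."""
    alerts = []
    for (w, src, dst, func), n in sorted(Counter(records).items()):
        flow = (src, dst, func)
        if flow not in model:
            alerts.append((w, flow, "unseen flow"))
            continue
        mu, sigma = model[flow]
        if abs(n - mu) > k * sigma:
            alerts.append((w, flow, "rate deviation"))
    return alerts

if __name__ == "__main__":
    # In a deployment these alerts would be forwarded to the security command centre.
    for window, flow, reason in detect(train(NORMAL), LIVE):
        print(f"window={window} flow={flow} reason={reason}")
```

This baseline only scores flows that appear in a window; a flow that goes silent needs a separate check against the set of expected flows.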
- Anomaly detection in ICS using machine learning and big data technology
- Individual network data analysis
- Analysis of fieldbus, sensor, manufacturing and ERP data