Concepts such as Industry 4.0 are challenging the IT security of Industrial Control Networks (ICN) due to growing connectivity with insecure networks, such as corporate networks. Vulnerable devices within the ICN need to be protected by monitoring tools such as Intrusion Detection Systems (IDS). These tools not only provide information on suspicious traffic data observed, but also assess the semantics of an attack. Given the large number of security events generated by these systems, security analysts may overlook important annotations. This work attempts to leverage semantic annotations in combination with traffic and temporal information, using unsupervised machine learning methods (Self-Organizing Maps), to facilitate processing in the Security Operation Center. Instead of handling individual security events, our approach provides groups of heterogeneous security events leading to prototypical scenarios and classified and reusable use cases that only need to be analyzed once. We evaluate our approach using a non-synthetic dataset generated on a shop floor in the automotive sector, focusing on security events related to the Log4j vulnerability.
CITATION STYLE
Hormann, R., Bokelmann, D., & Ortmeier, F. (2023). Analysis of Security Events in Industrial Networks Using Self-Organizing Maps by the Example of Log4j. In International Conference on Internet of Things, Big Data and Security, IoTBDS - Proceedings (Vol. 2023-April, pp. 51–60). Science and Technology Publications, Lda. https://doi.org/10.5220/0011839900003482
Mendeley helps you to discover research relevant for your work.