Analysis of Security Events in Industrial Networks Using Self-Organizing Maps by the Example of Log4j


Abstract

Concepts such as Industry 4.0 are challenging the IT security of Industrial Control Networks (ICN) due to growing connectivity with insecure networks, such as corporate networks. Vulnerable devices within the ICN need to be protected by monitoring tools such as Intrusion Detection Systems (IDS). These tools not only report the suspicious traffic they observe, but also assess the semantics of an attack. Given the large number of security events generated by these systems, security analysts may overlook important annotations. This work leverages the semantic annotations in combination with traffic and temporal information, using an unsupervised machine learning method (Self-Organizing Maps), to facilitate processing in the Security Operation Center. Rather than handling individual security events, our approach groups heterogeneous security events into prototypical scenarios and into classified, reusable use cases that need to be analyzed only once. We evaluate the approach on a non-synthetic dataset recorded on a shop floor in the automotive sector, focusing on security events related to the Log4j vulnerability.

Citation (APA)

Hormann, R., Bokelmann, D., & Ortmeier, F. (2023). Analysis of Security Events in Industrial Networks Using Self-Organizing Maps by the Example of Log4j. In International Conference on Internet of Things, Big Data and Security, IoTBDS - Proceedings (Vol. 2023-April, pp. 51–60). Science and Technology Publications, Lda. https://doi.org/10.5220/0011839900003482
