Visible to the public Security Visualization and Active Querying for OT Network

TitleSecurity Visualization and Active Querying for OT Network
Publication TypeConference Paper
Year of Publication2020
AuthorsMore, S., Jamadar, I., Kazi, F.
Date PublishedJuly 2020
ISBN Number978-1-7281-6851-7
Keywordsactive querying, Air gaps, air-gap, business network, comma separated value format, common event format, composability, computer network security, computer networks, cyber-attacks, Data collection, data visualisation, Data visualization, firewalls, Human Behavior, human factors, Internet, intrusion detection system, intrusion prevention system, Metrics, Monitoring, network behavior, network inclusion, Network security, operational technology network, OT Network, physical objects, pubcrawl, Real-time Systems, resilience, Resiliency, security, Security Visualization, visualization, Workstations

Traditionally Industrial Control System(ICS) used air-gap mechanism to protect Operational Technology (OT) networks from cyber-attacks. As internet is evolving and so are business models, customer supplier relationships and their needs are changing. Hence lot of ICS are now connected to internet by providing levels of defense strategies in between OT network and business network to overcome the traditional mechanism of air-gap. This upgrade made OT networks available and accessible through internet. OT networks involve number of physical objects and computer networks. Physical damages to system have become rare but the number of cyber-attacks occurring are evidently increasing. To tackle cyber-attacks, we have a number of measures in place like Firewalls, Intrusion Detection System (IDS) and Intrusion Prevention System (IPS). To ensure no attack on or suspicious behavior within network takes place, we can use visual aids like creating dashboards which are able to flag any such activity and create visual alert about same. This paper describes creation of parser object to convert Common Event Format(CEF) to Comma Separated Values(CSV) format and dashboard to extract maximum amount of data and analyze network behavior. And working of active querying by leveraging packet level data from network to analyze network inclusion in real-time. The mentioned methodology is verified on data collected from Waste Water Treatment Plant and results are presented.,} booktitle = {2020 11th International Conference on Computing, Communication and Networking Technologies (ICCCNT)

Citation Keymore_security_2020