Measuring the Growth in Complexity of Models from Industrial Control Networks



Journal Title

Journal ISSN

Volume Title


Institute of Electrical and Electronics Engineers Inc.


Profiling communication patterns between industrial devices is important for detecting anomalies and potential cyber-attacks. In this paper we do deep-packet inspection of various industrial protocols to generate models of communications between pairs of devices; in particular, we use two models (deterministic finite automata and discrete-time Markov chains) applied to three different industrial networks: (1) an electrical substation, (2) a small-scale water testbed, and (3) a large-scale water treatment facility. Overall these datasets represent a variety of industrial protocols, including EtherNet/IP, DNP3, and Modbus/TCP.


Full text access from Treasures at UT Dallas is restricted to current UTD affiliates (use the provided Link to Article). All others may find the web address for this item in the full item record as "dc.relation.uri" metadata.


Data integration (Computer science), Integrated circuits, Markov processes, Computer network protocols, Computer networks--Security measures, Sequential machine theory, Water treatment plants

NSF CNS-1718848


©2018 IEEE