Authors:
Mikel Iturbe; Iñaki Garitano; Urko Zurutuza and Roberto Uribeetxeberria
Affiliation:
Faculty of Engineering and Mondragon University, Spain
Keyword(s):
Industrial Networks, Security Visualization, Chord Diagrams, Flow Monitoring.
Related Ontology Subjects/Areas/Topics:
Abstract Data Visualization; Computer Vision, Visualization and Computer Graphics; Flow Visualization; Internet, Web and Security Visualization; Spatial Data Visualization
Abstract:
Industrial Control Systems are the set of specialized elements that monitor and control physical processes. Those systems are normally interconnected, forming environments known as industrial networks. The particularities of these networks disallow the usage of traditional IT security mechanisms, while allowing other security strategies not suitable for IT networks. As industrial network traffic flows follow constant and repetitive patterns, whitelisting has been proved a viable approach for anomaly detection in industrial networks. In this paper, we present a network flow and related alert visualization system based on chord diagrams. The system represents the detected network flows within a time interval, highlighting the ones that do not comply with the whitelisting rules. Moreover, it also depicts the network flows that, even if they are registered in the whitelist, have not been detected in the selected time interval (e.g. a host is down). Finally, the visualization system is tested with network data coming from a real industrial network.