How to Fingerprint Attack Traffic Against Industrial Control System Network

Chuan Sheng, Yu Yao, Wei Yang, Ying Liu, Qiang Fu
DOI: https://doi.org/10.1109/iciai.2019.8850807
2019-01-01
Abstract: Fingerprinting techniques have been widely used in the security field. However, due to the complexity and heterogeneousness of the Industrial Control System (ICS) network, there is hardly any method to fingerprint attack traffic against it. In this paper, we propose a method to fingerprint attack traffic against ICS networks. The proposed method can not only identify different kinds of attack traffic against ICS networks, but also evaluate their potentially malicious intents. In addition, the proposed method is able to discover new kinds of attack traffic from ICS network traffic. Specifically, the attack traffic is characterized as the communication pattern, which is used to evaluate the intent level and further resolved as the communication pattern fingerprint (CPF). The CPF is used to distinguish different kinds of attack traffic and discover new attack traffic. Our experimental results show that the proposed method can effectively and accurately achieve the above functions.