Simple record

dc.rights.license: Attribution 4.0 International [*]
dc.contributor.advisor: Zurutuza Ortega, Urko
dc.contributor.advisor: Uribeetxeberria Ezpeleta, Roberto
dc.contributor.author: Iturbe Urretxa, Mikel
dc.description.abstract: Since the conception of the first Programmable Logic Controllers (PLCs) in the 1960s, Industrial Control Systems (ICSs) have evolved vastly. From the primitive isolated setups, ICSs have become increasingly interconnected, slowly forming the complex networked environments, collectively known as Industrial Networks (INs), that we know today. Since ICSs are responsible for a wide range of physical processes, including those belonging to Critical Infrastructures (CIs), securing INs is vital for the well-being of modern societies. Among the many research advances in the field, Anomaly Detection Systems (ADSs) play a prominent role. These systems monitor IN and/or ICS behavior to detect abnormal events, known or unknown. However, as the complexity of INs has increased, monitoring them in search of anomalous trends has effectively become a Big Data problem. In other words, IN data has become too complex to process by traditional means, due to its large scale, diversity and generation speeds. Nevertheless, ADSs designed for INs have not evolved at the same pace, and recent proposals are not designed to handle this data complexity, as they do not scale well or do not leverage the majority of the data types created in INs. This thesis aims to fill that gap by presenting two main contributions: (i) a visual flow monitoring system and (ii) a multivariate ADS that is able to tackle data heterogeneity and to scale efficiently. For the flow monitor, we propose a system that, based on current flow data, builds security visualizations depicting network behavior while highlighting anomalies. For the multivariate ADS, we analyze the performance of Multivariate Statistical Process Control (MSPC) for detecting and diagnosing anomalies, and later we present a Big Data, MSPC-inspired ADS that monitors field and network data to detect anomalies.
The approaches are experimentally validated by building INs in test environments and analyzing the data created by them. Based on this necessity for conducting IN security research in a rigorous and reproducible environment, we also propose the design of a testbed that serves this purpose. [en]
dc.publisher: Mondragon Unibertsitatea. Goi Eskola Politeknikoa [en]
dc.rights: © Mikel Iturbe Urretxa [en]
dc.subject: Control devices [es]
dc.subject: Industrial processes [es]
dc.subject: Computer reliability [es]
dc.title: Data-Driven Anomaly Detection in Industrial Networks [en]
local.description.responsability: Chair: Fco. Javier López Muñoz (Universidad de Malaga); Member: José Camacho Páez (Universidad de Granada); Member: Josu Bilbao Ugalde (IKERLAN); Member: Jorge Ricardo Cuéllar Jaramillo (Siemens AG); Secretary: Iñaki Garitano Garitano (Mondragon Unibertsitatea) [es]

Except where otherwise noted, this item's license is described as Attribution 4.0 International