
Investigating the Viability of Fingerprinting the Toolset Used to Probe an Operational Technology Network, Providing Another Indicative Vector to Use in Intrusion Detection Systems.


zackdove/thesis


Computer Science Thesis - Zack Dove - University of Bristol

Investigating the Viability of Fingerprinting the Toolset Used to Probe an Operational Technology Network, Providing Another Indicative Vector to Use in Intrusion Detection Systems.

Abstract

In this work we investigated the viability of fingerprinting asset discovery tools used to probe operational technology networks, in order to provide an additional vector to use in intrusion detection systems. We collected packet captures from several scanning tools used on a real PLC (Programmable Logic Controller), and then extracted different groups of features from each packet capture, using this to build several different classifiers. We evaluated these classifiers on test data with additional noise added, achieving an exact match accuracy of 92% - 100%, showing that it is indeed possible to fingerprint the toolset used to a high degree of accuracy. We also discussed the viability of this technique being used within an IDS (intrusion detection system).

Final Report

Overleaf link: https://www.overleaf.com/project/5df1007d19616e00014da667
