2015 Volume 48 Issue 8 Pages 619-625
Industrial control systems (ICS) have hidden vulnerabilities that cannot be usually solved by IT security tools, because of their 24 h 365 d non-stop, non-update and non-patch operation. There is, however, very limited report of cyber-attacks, so that owners of critical infrastructures do not have much attention for their ICS protection. This is a kind of misunderstanding of the current situation caused by a lacking of capability to detect a cyber-intrusion. In order to apply an Intrusion Detection System (IDS), it is difficult to make the complete white list of communication packets, and it is also difficult to perform anomaly detection by checking the payload of packet one by one. This paper defines characteristics of communication in the ICS network and proposes a methodology to visualize the ICS network behavior. An illustrative example of pseudo cyber-attack is also prepared for understanding our proposed method.