Network Forensics Lessons For Industrial Control Systems

Abstract

Network security monitoring is an important element in incident response and forensics investigation. Most forensic investigators are trained to recognize abusive network behavior in conventional information systems, but they may not have the technical skills to detect anomalous traffic patterns in industrial control systems that manage critical infrastructure services. We have developed and laboratory-tested hands-on teaching material to introduce students to forensics investigation of intrusions on an industrial network. Rather than using prototypes of ICS components, our approach utilizes commercial industrial products to provide students a more realistic simulation of an ICS network. The lessons cover four different types of attacks and the corresponding post-incident network data analysis. This report describes the initial development of these network forensics lessons.

Document Details

Document Type
Technical Report
Publication Date
Dec 08, 2016
Accession Number
AD1060141

Entities

People

  • Thuy D. Nguyen

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Application Protocols
  • Computer Access Control
  • Computer Network Security
  • Computer Networks
  • Computer Science
  • Computers
  • Control Systems
  • Cyberattacks
  • Cybersecurity
  • Education
  • Industrial Control Systems
  • Information Systems
  • Network Protocols
  • Network Science
  • SCADA
  • Security
  • Students

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Instructional Design and Training Evaluation

Technology Areas

  • Cyber