# Using Temporal and Topological Features for Intrusion Detection in Operational Networks

**Authors:** Simon D. Duque Anton, Daniel Fraunholz, and Hans Dieter Schotten

arXiv: 1907.04098 · 2019-07-10

## TL;DR

This paper presents a novel intrusion detection approach for industrial networks using temporal motif discovery and graph-based anomaly detection, addressing unique industrial security challenges.

## Contribution

It introduces an integrated method combining time series motif detection with graph analysis for improved intrusion detection in industrial environments.

## Key findings

- Effective detection of timing anomalies in industrial processes
- Identification of malicious communication patterns via graph analysis
- Proposed integration enhances detection accuracy

## Abstract

Until two decades ago, industrial networks were deemed secure due to physical separation from public networks. An abundance of successful attacks proved that assumption wrong. Intrusion detection solutions for industrial application need to meet certain requirements that differ from home- and office-environments, such as working without feedback to the process and compatibility with legacy systems. Industrial systems are commonly used for several decades; updates are often difficult and expensive. Furthermore, most industrial protocols do not have inherent authentication or encryption mechanisms, allowing for easy lateral movement of an intruder once the perimeter is breached. In this work, an algorithm for motif discovery in time series, Matrix Profiles, is used to detect outliers in the timing behaviour of an industrial process. This process was monitored in an experimental environment, containing ground truth labels after attacks were performed. Furthermore, the graph representations of a different industrial data set that has been emulated are used to detect malicious activities. These activities can be derived from anomalous communication patterns, represented as edges in the graph. Finally, an integration concept for both methods is proposed.

## Figures

11 figures with captions in the complete paper: https://tomesphere.com/paper/1907.04098/full.md

## References

52 references — full list in the complete paper: https://tomesphere.com/paper/1907.04098/full.md

---
Source: https://tomesphere.com/paper/1907.04098