ANOMALY DETECTION IN INDUSTRIAL COMMUNICATIONS NETWORKS, ANOMALY DETECTION SYSTEM, AND METHODS FOR PERFORMING ANOMALY DETECTION

摘要

PROBLEM TO BE SOLVED: To detect intrusions into control and maintenance communications networks, such as those used in process and industrial control systems.SOLUTION: An anomaly detection system 10 includes various data collection modules 30, 32 at each of nodes 22A to 22N of a network 20 which operate to view message traffic into and out of the node and to generate metadata pertaining to the message traffic. The communication modules 33 at the nodes send the traffic metadata to an anomaly analysis engine 34, which processes the metadata using a rules engine that analyzes the metadata using a set of logic rules and traffic pattern baseline data to determine if current traffic patterns at one or more network nodes are anomalous.SELECTED DRAWING: Figure 1