Comparative Analysis of Classification Methods and Suitable Datasets for Protocol Recognition in Operational Technologies

článek v časopise ve Web of Science, Jimp

angličtina

The interconnection of Operational Technology (OT) and Information Technology (IT) has created new opportunities for remote management, data storage in the cloud, real-time data transfer over long distances, or integration between different OT and IT networks. OT networks require increased attention due to the convergence of IT and OT, mainly due to the increased risk of cyber-attacks targeting these networks. This paper focuses on the analysis of different methods and data processing for protocol recognition and traffic classification in the context of OT specifics. Therefore, this paper summarizes the methods used to classify network traffic, analyzes the methods used to recognize and identify the protocol used in the industrial network, and describes machine learning methods to recognize industrial protocols. The output of this work is a comparative analysis of approaches specifically for protocol recognition and traffic classification in OT networks. In addition, publicly available datasets are compared in relation to their applicability for industrial protocol recognition. Research challenges are also identified, highlighting the lack of relevant datasets and defining directions for further research in the area of protocol recognition and classification in OT environments.

classification methods; datasets; machine learning; operational technology; protocol classification; protocol recognition; security

HOLASOVÁ, E.; FUJDIAK, R.; MIŠUREC, J.

11. 5. 2024

MDPI

1999-4893

Algorithms

17

5

Švýcarská konfederace

1

20

20

https://www.mdpi.com/1999-4893/17/5/208

http://hdl.handle.net/11012/249486