SNORT Decoder and Preprocessor

SNORT decoder and preprocessor solutions that process EtherCAT traffic.

Trust Node Approach

A solution that determines secure communication attributes from the information in the ESI/ENI files.

Periodicity Detection

Solutions to determine the bus cycle time and perform periodicity-based statistical anomaly detection.

Machine Learning Methods

Detection of anomalies by machine learning methods and monitoring with the ELK system.

Outputs

This is a TUBITAK 1005 project, carried out with the support of Sakarya University and TUBITAK. The project start and end dates are 11.15.2018 and 02.15.2020.

Outputs of the project

  • Development of field and factory level testbed environments on a laboratory scale,
  • Modeling of EtherCAT field level protocol,
  • Modeling of EtherCAT factory level sub-protocols,
  • For both levels, development of a fuzzer and attack vectors using models (vulnerability analysis),
  • Development of EtherCAT preprocessor on Snort for field level and proposing the trust node approach,
  • For field level: real-time anomaly detection using the period detection solution, and offline anomaly detection using machine learning methods on logs. For factory level: real-time anomaly detection using machine learning techniques. In addition, findings are presented to the user in the ELK environment.

Team

The current team consists of 1 principal investigator, 1 researcher and 2 scholars.

Prof. Dr. İbrahim Özçelik

Principal Investigator

Computer Engineering Department

Sakarya University

Assoc. Prof. Dr. Veli Yılancı

Researcher (former)

Department of Financial Econometrics

Sakarya University

Res. Assist. PhD. Kevser Ovaz Akpınar

Researcher

Computer Engineering Department

Sakarya University

Res. Assist. Firdevs Sevde Toker

Graduate Scholar

Computer Engineering Department

Sakarya University

Turgut Yazıcı

Undergraduate Scholar

Computer Engineering Department

Sakarya University

Thesis

Within the scope of the project, 1 PhD has been completed and 1 Master's study is ongoing.

Kevser Ovaz Akpınar (PhD)

Rule and machine learning based intrusion and anomaly detection in an EtherCAT based SCADA system

Firdevs Sevde Toker (Master)

MITRE ICS Attack Simulation and Intrusion Detection on EtherCAT Based Drinking Water System

Publications

Within the scope of the project, 2 SCI articles and 1 conference paper (related publication) have been published. 1 more SCI article and 1 conference paper are in the revision process. 1 SCI article is being prepared for submission.


Volume 2018

Doi: 10.1155/2018/2639750

Volume 7

Doi: 10.1109/ACCESS.2019.2960497

A Standalone Gray-Box EtherCAT Fuzzer

Doi: 10.1109/ISMSIT.2018.8566695

Device Level Testbeds

2 different testbed environments have been set up to test the solutions developed within the scope of the project. These testbeds target the protection of Device Level communication in Cyber Physical Systems (CPS).

Basic Device Level Testbed

Water Circulation Testbed

Factory Level Testbed

This testbed models the water treatment process on a laboratory scale. It consists of a dam, a treatment unit, 2 elevated reservoirs and a storage tank.

Real-time anomaly detection for Device and Factory levels

Using the tap devices, data is monitored at the device and factory levels of the testbed environments. The captured traffic is then given simultaneously to SNORT and to the application developed for the factory level. Detected anomalies are presented to the user on the ELK dashboards.

Offline anomaly detection for Device level

Using the tap devices, data is monitored at the device level of the water circulation testbed. To produce anomalous behaviour, system-based and protocol-based attack vectors are generated. The collected log files are then given to the machine learning tools, and the methods are evaluated against each other.

Contact Us

Address

Faculty of Haşim Gürdamar Computer and Information Sciences, Sakarya University Esentepe Campus, 54050 Serdivan / SAKARYA

Phone

+90 (264) 295 5454
