Title:
産業制御システム内の危殆化されたデバイスを識別するためのシステム及び方法
Document Type and Number:
Japanese Patent JP6568654
Kind Code:
B2
Abstract:
The disclosed computer-implemented method for identifying compromised devices within industrial control systems may include (1) monitoring network traffic within a network that facilitates communication for an industrial control system that includes an industrial device, (2) creating, based at least in part on the network traffic, a message protocol profile for the industrial device that describes (A) a network protocol used to communicate with the industrial device and (B) normal communication patterns of the industrial device, (3) detecting at least one message that involves the industrial device and at least one other computing device included in the industrial control system, (4) determining, by comparing the message with the message protocol profile, that the message represents an anomaly, and then (5) determining, based at least in part on the message representing the anomaly, that the other computing device has likely been compromised. Various other methods, systems, and computer-readable media are also disclosed.
More Like This:
Inventors:
Corrales Ignacio Belmodes
Tugonkar Arok
Tugonkar Arok
Application Number:
JP2018524449A
Publication Date:
August 28, 2019
Filing Date:
September 27, 2016
Export Citation:
Assignee:
Symantec Corporation
International Classes:
H04L12/70; H04L12/28
Domestic Patent References:
| JP2012244628A | ||||
| JP2011253355A | ||||
| JP2006115129A | ||||
| JP2016163352A |
Foreign References:
| US20060236374 |
Attorney, Agent or Firm:
Kenji Sugimura
Tetsuyuki Okumachi
Tetsuyuki Okumachi