Investigating the Viability of Fingerprinting the Toolset Used to Probe an Operational Technology Network, Providing Another Indicative Vector to Use in Intrusion Detection Systems.
In this work we investigated the viability of fingerprinting asset discovery tools used to probe operational technology networks, in order to provide an additional vector to use in intrusion detection systems. We collected packet captures from several scanning tools used on a real PLC (Programmable Logic Controller), and then extracted different groups of features from each packet capture, using these to build several different classifiers. We evaluated these classifiers on test data with additional noise added, achieving an exact match accuracy of 92% - 100%, showing that it is indeed possible to fingerprint the toolset used to a high degree of accuracy. We also discussed the viability of this technique being used within an IDS (intrusion detection system).
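As an added illustration of the pipeline the abstract describes (this is not the paper's code), the block below turns per-packet features from a constructed capture into a nearest-centroid classifier and then scores it on noisy copies of the same records, mirroring the noise-robustness evaluation. The tool names, the four features and all values are assumptions, not measurements from the study.

```python
"""Added example: fingerprint the scanning tool behind probe traffic from
per-packet features, then check how the classifier holds up under noise."""
import random
import statistics

# Constructed per-packet records: (tool, ip_ttl, tcp_window, n_tcp_options, gap_ms).
# Tool names are hypothetical and the values illustrative, not real captures.
CAPTURE = [
    ("tool_a", 64, 1024, 4, 0.5), ("tool_a", 64, 1024, 4, 0.7),
    ("tool_a", 64, 1024, 4, 0.4), ("tool_b", 128, 65535, 6, 12.0),
    ("tool_b", 128, 65535, 6, 11.5), ("tool_b", 128, 65535, 6, 13.0),
    ("tool_c", 255, 8192, 2, 100.0), ("tool_c", 255, 8192, 2, 95.0),
    ("tool_c", 255, 8192, 2, 105.0),
]

def features(rec):
    """Drop the label; everything after it is the feature vector."""
    return tuple(rec[1:])

def train(records):
    """Nearest-centroid model: per-tool feature means plus a global scale
    (population stddev per feature) so large-valued features do not dominate."""
    by_tool = {}
    for rec in records:
        by_tool.setdefault(rec[0], []).append(features(rec))
    cols = list(zip(*[features(r) for r in records]))
    scale = [statistics.pstdev(c) or 1.0 for c in cols]
    centroids = {t: [statistics.mean(c) for c in zip(*fs)] for t, fs in by_tool.items()}
    return centroids, scale

def classify(model, feat):
    """Return the tool whose centroid is nearest in scaled Euclidean distance."""
    centroids, scale = model
    def dist(c):
        return sum(((a - b) / s) ** 2 for a, b, s in zip(feat, c, scale))
    return min(centroids, key=lambda t: dist(centroids[t]))

def add_noise(rec, rng, frac=0.1):
    """Perturb each feature by up to +/-frac, standing in for timing jitter
    and middlebox rewrites that an IDS would see on a real network."""
    return (rec[0],) + tuple(v * (1 + rng.uniform(-frac, frac)) for v in features(rec))

def accuracy(model, records, seed=1, frac=0.1):
    """Exact-match accuracy of the model on noisy copies of the records."""
    rng = random.Random(seed)
    hits = sum(classify(model, features(add_noise(r, rng, frac))) == r[0] for r in records)
    return hits / len(records)

if __name__ == "__main__":
    model = train(CAPTURE)
    print("accuracy at 10% noise:", accuracy(model, CAPTURE, frac=0.1))
```

Swapping the constructed records for feature rows extracted from real captures (one row per probe packet) is the only change needed to run the same evaluation on the groups of features the paper describes.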
Overleaf link: https://www.overleaf.com/project/5df1007d19616e00014da667