Abstract: Technologies relating to monitoring communications traffic to detect
potential attacks on industrial control system networks and building
automation system networks are described herein. In an embodiment, a
monitoring device receives a plurality of communications from a control
network. The monitoring device transmits the communications to a
computing device. Based on the communications, the computing device
generates a listing of devices that communicated by way of the control
network over a period of time, and computes a volume of traffic between
each pair of devices in the listing of devices. The computing device then
outputs a graphical user interface (GUI) by way of a display, the GUI
comprising data indicative of the computed volumes of traffic, which may
be indicative of a potential attack on the control network. |
Filed: 2/20/2018 |
Application Number: 15/899893 |
This invention was made with Government support under Contract No. DE-NA0003525 awarded by the United States Department of Energy/National Nuclear Security Administration. The Government has certain rights in the invention. |
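The aggregation the abstract describes (list the devices seen over a period, then total the traffic between each pair) can be sketched as follows. This is an added example, not the patent's implementation: the packet record layout, the device names, the byte counts and the plain-text matrix standing in for the GUI are all assumptions.

```python
from collections import namedtuple
from itertools import combinations

# Constructed sample capture: (seconds since start, source, destination, bytes).
# Device names and sizes are invented for illustration.
Packet = namedtuple("Packet", "ts src dst size")
SAMPLE = [
    Packet(1, "hmi-1", "plc-1", 120),
    Packet(2, "plc-1", "hmi-1", 300),
    Packet(5, "hmi-1", "plc-2", 80),
    Packet(9, "eng-ws", "plc-1", 4000),
    Packet(12, "plc-2", "hmi-1", 60),
    Packet(75, "eng-ws", "plc-2", 900),  # outside the 60 s window used below
]

def in_window(packets, start, end):
    """Keep packets with start <= ts < end (the 'period of time')."""
    return [p for p in packets if start <= p.ts < end]

def device_listing(packets):
    """Sorted list of every device seen as a source or a destination."""
    return sorted({p.src for p in packets} | {p.dst for p in packets})

def pair_volumes(packets):
    """Bytes per unordered device pair, both directions summed.
    Pairs that never talked keep volume 0, so every pair has an entry."""
    volumes = {pair: 0 for pair in combinations(device_listing(packets), 2)}
    for p in packets:
        if p.src != p.dst:
            volumes[tuple(sorted((p.src, p.dst)))] += p.size
    return volumes

def render_matrix(packets):
    """Plain-text device-by-device matrix, standing in for the GUI."""
    devices = device_listing(packets)
    if not devices:
        return ""
    vols = pair_volumes(packets)
    width = max(len(d) for d in devices) + 2
    rows = ["".join(s.rjust(width) for s in [""] + devices)]
    for a in devices:
        cells = ["-" if a == b else str(vols[tuple(sorted((a, b)))])
                 for b in devices]
        rows.append("".join(s.rjust(width) for s in [a] + cells))
    return "\n".join(rows)

if __name__ == "__main__":
    print(render_matrix(in_window(SAMPLE, 0, 60)))
```

In the sample window the engineering workstation's 4000 bytes to plc-1 stand out against the few hundred bytes exchanged between the HMI and the PLCs, which is the kind of pairwise volume an operator would then review.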