| Abstract: | Technologies relating to monitoring communications traffic to detect
potential attacks on industrial control system networks and building
automation system networks are described herein. In an embodiment, a
monitoring device receives a plurality of communications from a control
network. The monitoring device transmits the communications to a
computing device. Based on the communications, the computing device
generates a listing of devices that communicated by way of the control
network over a period of time, and computes a volume of traffic between
each pair of devices in the listing of devices. The computing device then
outputs a graphical user interface (GUI) by way of display, the GUI
comprising data indicative of the computed volumes of traffic, which may
be indicative of a potential attack on the control network. |