Clustering-based anomaly detection engine.
This page includes the implementation of a clustering-based detection engine that can be used to detect abnormal behavior in process measurements performed by industrial controllers (e.g., Programmable Logic Controllers). The tool captures industrial network traffic (IEC packets), extracts process measurements, and runs a clustering engine.
- The results have been documented in the paper "A Clustering-based Approach to Detect Cyber Attacks in Process Control Systems".
- Sources and documentation: Download.