Title: Towards Self-learning Industrial Process Behaviour from Payload Bytes for Anomaly Detection
Authors: Meshram, Ankush; Karch, Markus; Haas, Christian; Beyerer, Jürgen
Date: 2023-10-16
Year: 2023
URL: https://publica.fraunhofer.de/handle/publica/451742
DOI: 10.1109/etfa54631.2023.10275358
Type: conference paper
Language: en
Keywords: Industrial Control Systems; Network Intrusion Detection; Machine Learning; String Algorithm

Abstract: Network Intrusion Detection Systems (NIDS) for process-based anomaly detection have been developed as one of the cybersecurity solutions against attacks that target industrial processes, such as Stuxnet. In practice, real-world industrial plants could not complement the advancements in industrial cybersecurity research, as upgrading the infrastructure is an expensive and deterrent process for plant owners. In addition, the infrastructure information might be lost over the intended longer lifetime; hence, configuring a NIDS in the absence of such information is a challenge. Moreover, the existing NIDS solutions analyze the industrial process values/parameters with knowledge of their semantics, and would fail when the semantics are not known or are lost. As a solution to the aforementioned problem, we propose an industrial-communication-paradigm-aware Process Payload Profiling Framework (P3F), capable of self-learning process behavior from network traffic without knowledge of the underlying process parameters being exchanged. We also report P3F's successful detection of an anomaly in the process of a miniaturized PROFINET-based industrial system, caused by a simulated process-targeted cyberattack.