Cybersecurity in OT Environments : A Modular Approach for Network Integrity
Luttinen, Timo (2023)
2023
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:amk-2023122138836
https://urn.fi/URN:NBN:fi:amk-2023122138836
Tiivistelmä
The rapid evolution of cyber threats in network environments necessitates advanced and adaptable security strategies. This thesis presents the design and implementation of a comprehensive system, designed for Rejlers Finland, aimed at enhancing remote penetration testing and providing an in-depth analysis of network traffic in relatively isolated environments. The system's core objective is to identify potential security threats and anomalies through a robust, modular framework that integrates heuristic, statistical, and machine learning techniques.
The thesis first outlines the development of the hardware setup, emphasizing modularity and cost-effectiveness. It then delves into the data pipeline, detailing the data collection, preprocessing, and feature engineering processes. The system employs a unique approach by combining various analytical methods, each contributing to the overall efficacy of network traffic analysis. The heuristic analysis offers rapid initial assessments, while statistical and machine learning techniques provide deeper insights.
A key aspect of this thesis is its focus on post-event data analysis rather than real-time processing. This approach enables a thorough examination of network traffic, uncovering insights that inform subsequent security measures. The system's adaptability to various network environments is highlighted, demonstrating its capability to handle different types of network traffic and settings effectively.
The thesis concludes by comparing the designed system with existing network security solutions, underscoring its unique features and potential advantages. Future research directions are proposed, suggesting enhancements like automated customization and further integration of open-source technologies. The system represents a step forward in network traffic analysis methodology, offering a scalable, flexible solution with potential applications in various cybersecurity scenarios.
The thesis first outlines the development of the hardware setup, emphasizing modularity and cost-effectiveness. It then delves into the data pipeline, detailing the data collection, preprocessing, and feature engineering processes. The system employs a unique approach by combining various analytical methods, each contributing to the overall efficacy of network traffic analysis. The heuristic analysis offers rapid initial assessments, while statistical and machine learning techniques provide deeper insights.
A key aspect of this thesis is its focus on post-event data analysis rather than real-time processing. This approach enables a thorough examination of network traffic, uncovering insights that inform subsequent security measures. The system's adaptability to various network environments is highlighted, demonstrating its capability to handle different types of network traffic and settings effectively.
The thesis concludes by comparing the designed system with existing network security solutions, underscoring its unique features and potential advantages. Future research directions are proposed, suggesting enhancements like automated customization and further integration of open-source technologies. The system represents a step forward in network traffic analysis methodology, offering a scalable, flexible solution with potential applications in various cybersecurity scenarios.