+1 Recommend
1 collections
      • Record: found
      • Abstract: found
      • Conference Proceedings: found
      Is Open Access

      Efficient Passive ICS Device Discovery and Identification by MAC Address Correlation


      1 , 1 , 2 , 1 , 1

      5th International Symposium for ICS & SCADA Cyber Security Research 2018 (ICS-CSR 2018)

      ICS & SCADA Cyber Security Research

      29 - 30 August 2018

      industrial control systems, vulnerability scanner, programmable logic controllers, security assessment

      Read this article at

          There is no author summary for this article yet. Authors can add summaries to their articles on ScienceOpen to make them more accessible to a non-specialist audience.


          Owing to a growing number of attacks, the assessment of Industrial Control Systems (ICSs) has gained in importance. An integral part of an assessment is the creation of a detailed inventory of all connected devices, enabling vulnerability evaluations. For this purpose, scans of networks are crucial. Active scanning, which generates irregular traffic, is a method to get an overview of connected and active devices. Since such additional traffic may lead to an unexpected behavior of devices, active scanning methods should be avoided in critical infrastructure networks. In such cases, passive network monitoring offers an alternative, which is often used in conjunction with complex deep-packet inspection techniques. There are very few publications on lightweight passive scanning methodologies for industrial networks. In this paper, we propose a lightweight passive network monitoring technique using an efficient Media Access Control (MAC) address-based identification of industrial devices. Based on an incomplete set of known MAC address to device associations, the presented method can guess correct device and vendor information. Proving the feasibility of the method, an implementation is also introduced and evaluated regarding its efficiency. The feasibility of predicting a specific device/vendor combination is demonstrated by having similar devices in the database. In our ICSi testbed, we reached a host discovery rate of 100% at an identification rate of more than 66%, outperforming the results of existing tools.

          Related collections

          Most cited references 18

          • Record: found
          • Abstract: not found
          • Conference Proceedings: not found

          A Taxonomy of Cyber Attacks on SCADA Systems

            • Record: found
            • Abstract: not found
            • Conference Proceedings: not found

            A Search Engine Backed by Internet-Wide Scanning

              • Record: found
              • Abstract: not found
              • Article: not found

              Guide to industrial control systems (ics) security


                Author and article information

                August 2018
                August 2018
                : 21-30
                [1 ]Hochschule Augsburg Augsburg, Germany
                [2 ]Fraunhofer AISEC Munich, Germany
                © Niedermaier et al. Published by BCS Learning and Development Ltd. Proceedings of ICS & SCADA 2018

                This work is licensed under a Creative Commons Attribution 4.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/

                5th International Symposium for ICS & SCADA Cyber Security Research 2018
                ICS-CSR 2018
                University of Hamburg, Germany
                29 - 30 August 2018
                Electronic Workshops in Computing (eWiC)
                ICS & SCADA Cyber Security Research
                Product Information: 1477-9358BCS Learning & Development
                Self URI (journal page): https://ewic.bcs.org/
                Electronic Workshops in Computing


                Comment on this article