How To Create An Ics Network With A Network Of Nodes

Similar documents
OPC & Security Agenda

IT Security and OT Security. Understanding the Challenges

INDUSTRIAL CONTROL SYSTEMS CYBER SECURITY DEMONSTRATION

Using Tofino to control the spread of Stuxnet Malware

CYBER SECURITY Is your Industrial Control System prepared? Presenter: Warwick Black Security Architect SCADA & MES Schneider-Electric

On the use of Honeypots for Detecting Cyber Attacks on Industrial Control Networks

CYBER SECURITY: SYSTEM SERVICES FOR THE SAFEGUARD OF DIGITAL SUBSTATION AUTOMATION SYSTEMS. Massimo Petrini (*), Emiliano Casale TERNA S.p.A.

CYBER SECURITY. Is your Industrial Control System prepared?

Secure Networking for Critical Infrastructure Using Service-aware switches for Defense-in-Depth deployment

Security Testing in Critical Systems

DNP Serial SCADA to SCADA Over IP: Standards, Regulations Security and Best Practices

Industrial Security for Process Automation

CS2107 Introduction to Information and System Security (Slid. (Slide set 8)

!! "# $%!& $!$ +) * ', -./01.//1233/ "4, -./01.//12223 *, 565

ICS/SCADA Security Analysis of a Beckhoff CX5020 PLC

Technical Note. ForeScout CounterACT: Virtual Firewall

Verve Security Center

Cyber Security Where Do I Begin?

packet retransmitting based on dynamic route table technology, as shown in fig. 2 and 3.

Dr. György Kálmán

OPCNet Broker TM for Industrial Network Security and Connectivity

Building Secure Networks for the Industrial World

Plugging Network Security Holes using NetFlow. Loopholes in todays network security solutions and how NetFlow can help

Innovative Defense Strategies for Securing SCADA & Control Systems

Security for. Industrial. Automation. Considering the PROFINET Security Guideline

Testing Intelligent Device Communications in a Distributed System

ForeScout CounterACT. Device Host and Detection Methods. Technology Brief

Designing a security policy to protect your automation solution

HOW TO PREVENT DDOS ATTACKS IN A SERVICE PROVIDER ENVIRONMENT

Detection of illegal gateways in protected networks

Cisco Advanced Services for Network Security

Networking Basics for Automation Engineers

Chapter 9 Firewalls and Intrusion Prevention Systems

a Post-Stuxnet World The Future of Critical Infrastructure Security Eric Byres, P.Eng.

Secure Networks for Process Control

Roger W. Kuhn, Jr. Advisory Director Education Fellow Cyber Security Forum Initiative

Getting Ahead of Malware

How To Understand and Configure Your Network for IntraVUE

Industrial Network Security and Connectivity. Tunneling Process Data Securely Through Firewalls. A Solution To OPC - DCOM Connectivity

Linux Network Security

Advancement in Virtualization Based Intrusion Detection System in Cloud Environment

Network Security Administrator

Jive Core: Platform, Infrastructure, and Installation

Missing the Obvious: Network Security Monitoring for ICS

Protecting Your Organisation from Targeted Cyber Intrusion

Vocia MS-1 Network Considerations for VoIP. Vocia MS-1 and Network Port Configuration. VoIP Network Switch. Control Network Switch

13 Ways Through A Firewall What you don t know will hurt you

SEMANTIC SECURITY ANALYSIS OF SCADA NETWORKS TO DETECT MALICIOUS CONTROL COMMANDS IN POWER GRID

PLUMgrid Toolbox: Tools to Install, Operate and Monitor Your Virtual Network Infrastructure

UIP1868P User Interface Guide

Ovation Security Center Data Sheet

Guideline for setting up a functional VPN

Network Instruments white paper

Design Document. Team Members: Tony Gedwillo James Parrott David Ryan. Faculty Advisor: Dr. Manimaran Govindarasu

13 Ways Through A Firewall

Holistic View of Industrial Control Cyber Security

Technology Spotlight on Cellular Data Networking for SCADA system networks. Presented by Teamwork Solutions, Inc.

Frost & Sullivan s. Aerospace, Defence & Security Practice. Global Industrial Cyber Security Trends

Network Security Monitoring and Behavior Analysis Pavel Čeleda, Petr Velan, Tomáš Jirsík

Seven Strategies to Defend ICSs

Security appliances with integrated switch- Even more secure and more cost effective

FOXBORO. I/A Series SOFTWARE Product Specifications. I/A Series Intelligent SCADA SCADA Platform PSS 21S-2M1 B3 OVERVIEW

CMPT 471 Networking II

Broadband Phone Gateway BPG510 Technical Users Guide

Update On Smart Grid Cyber Security

State of New Mexico Statewide Architectural Configuration Requirements. Title: Network Security Standard S-STD Effective Date: April 7, 2005

High rate and Switched WiFi. WiFi QoS, Security 2G. WiFi a/b/g. PAN LAN Cellular MAN

Smart Tips. Enabling WAN Load Balancing. Key Features. Network Diagram. Overview. Featured Products. WAN Failover. Enabling WAN Load Balancing Page 1

Network Security Infrastructure Testing

How To Manage A Network With Kepware

Accessing Remote Devices via the LAN-Cell 2

Securing Modern Substations With an Open Standard Network Security Solution. Kevin Leech Schweitzer Engineering Laboratories, Inc.

SDN AND SECURITY: Why Take Over the Hosts When You Can Take Over the Network

Session 14: Functional Security in a Process Environment

Effective Defense in Depth Strategies

Network Virtualization Network Admission Control Deployment Guide

IP Telephony Management

Effective OPC Security for Control Systems - Solutions you can bank on

DeltaV System Cyber-Security

HOSTED VOICE Bring Your Own Bandwidth & Remote Worker. Install and Best Practices Guide

WHITE PAPER ON SECURITY TESTING IN TELECOM NETWORK

JOB READY ASSESSMENT BLUEPRINT COMPUTER NETWORKING FUNDAMENTALS - PILOT. Test Code: 4514 Version: 01

An Analysis of the Capabilities Of Cybersecurity Defense

TRIPWIRE NERC SOLUTION SUITE

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1

Computer Networking Networks

Knowledge needed to develop malware to infect and impact Industrial Control Systems

New Era in Cyber Security. Technology Development

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.

Network performance in virtual infrastructures

You Don t Know What You Can t See: Network Security Monitoring in ICS Rob Caldwell

What communication protocols are used to discover Tesira servers on a network?

How To Connect To Bloomerg.Com With A Network Card From A Powerline To A Powerpoint Terminal On A Microsoft Powerbook (Powerline) On A Blackberry Or Ipnet (Powerbook) On An Ipnet Box On

Cyber Risk Mitigation via Security Monitoring. Enhanced by Managed Services

Information Technology Solutions

Multi-Homing Dual WAN Firewall Router

Security all around. Industrial security for your plant at all levels. siemens.com/industrialsecurity. Answers for industry.

Transcription:

A Connection Pattern-based Approach to Detect Network Traffic Anomalies in Critical Infrastructures Béla Genge 1, Dorin Adrian Rusu 2, Piroska Haller 1 1 Petru Maior University of Tîrgu Mureş, Romania 2 VU University Amsterdam, The Netherlands e-mail: bela.genge@ing.upm.ro, d.rusu@student.vu.nl, phaller@upm.ro April 13, 2014 B. Genge, D.A. Rusu, and P. Haller SPEAR April 13, 2014 1 / 41

Outline Outline Introduction - Critical Infrastructures Research motivation Proposed approach: SPEAR Experimental assessment Conclusions and future work B. Genge, D.A. Rusu, and P. Haller SPEAR April 13, 2014 2 / 41

Introduction Critical Infrastructures (CI) The term Critical Infrastructure (CI) underlines the significance of an infrastructure, which if disrupted or destroyed, would have a serious impact on the health, safety, security or economic well-being of citizens 1 1 Communication from the Commission to the Council - Critical Infrastructure Protection in the fight against terrorism. COM(2004)0702., October 2004. B. Genge, D.A. Rusu, and P. Haller SPEAR April 13, 2014 3 / 41

Introduction Industrial Control Systems (ICS): the core of CI Architecture includes the cyber and physical domains Typical components: The physical process: power plant, chemical process, electricity grid Programmable Logical Controllers (PLC) Master Terminal Units (MTU - SCADA servers) Human Machine Interfaces (HMI) Communication infrastructure Cyber Layer Physical Layer PLC PLC SCADA server Engineering station Telephone Leased Line or Power Line-based Communications Control network PLC SCADA server Domain controller Process network Maintenance server Communications Routers Radio Microwave or Cellular Satellite Modem WAN Card PLC Physical process Wide Area Network Control network HMI PLC PLC B. Genge, D.A. Rusu, and P. Haller SPEAR April 13, 2014 4 / 41

Introduction ICS networks vs traditional computer networks 2 ICS networks are connected to physical equipment: failure of industrial networks can have severe repercussions ICS networks have strong determinism (transmission and reply are predictable) ICS communicating nodes are well-known ICS include strict real-time requirements, e.g., response time less than 1ms ICS installations have longer lifetimes (at least ten years, compared to three years for traditional) 2 B. Galloway and G.P. Hancke, Introduction to Industrial Control Networks, IEEE Communication Surveys & Tutorials, 15(2):860-880, 2013. B. Genge, D.A. Rusu, and P. Haller SPEAR April 13, 2014 5 / 41

Introduction Industrial Control Systems (ICS): today Adoption of Ethernet and IP-based protocols COTS hardware and software Advantages: new services and features, remote monitoring and maintenance, energy markets, the newly emerging smart grids B. Genge, D.A. Rusu, and P. Haller SPEAR April 13, 2014 6 / 41

ICS security today Motivation ICS are not isolated environments Traditional ICT hardware and software has been strongly integrated into ICS Example security concerns: Old operating systems (Windows NT 3.0/4.0, Windows 2000, BSD) Rare patching Low ICT security perception ICS are typically prone to traditional ICT attacks (Code RED, NIMDA, SLAMMER) B. Genge, D.A. Rusu, and P. Haller SPEAR April 13, 2014 7 / 41

Motivation ICS security today Unfortunately many ICS components are directly accessible from Internet (see Shodan queries) Researchers from Free University Berlin have provided a map with SCADA devices connected to the Internet Project SHINE discovered more than 1,000,000 SCADA devices connected to the Internet B. Genge, D.A. Rusu, and P. Haller SPEAR April 13, 2014 8 / 41

Motivation Cyber attack impact on ICS In 2007, the potential impact of cyber attacks has been highlighted by the Tempe, Arizona incident (improper configuration of load shedding programs) - result: 141 breakers were opened and there was significant loss of load (46 minutes power outage) In August 2010 the discovery of a new kind of malware (Stuxnet) constituted a turning point in ICS security - result: more than 100,000 infected stations, target: nuclear enrichment centrifuges Early October 2012 a power company reported a virus infection (variant of Mariposa) in a turbine control system - result: downtime for 3 weeks B. Genge, D.A. Rusu, and P. Haller SPEAR April 13, 2014 9 / 41

However... Motivation Traditional ICT shields New mitigation techniques New policies B. Genge, D.A. Rusu, and P. Haller SPEAR April 13, 2014 10 / 41

Proposed approach In this paper: SPEAR SPEAR: systematic approach aimed at modeling the topology of ICS and automatically generating Snort detection rules The approach is based on the following assumptions: ICS architectures, once deployed, remain fixed over long time periods (more than 10 years) Communication flows exhibit long-lasting patterns, e.g., connection patterns B. Genge, D.A. Rusu, and P. Haller SPEAR April 13, 2014 11 / 41

Proposed approach Example ICS architecture and communication flows Turbo-Gas power plant Green arrows denote allowed communication Red arrows denote abnormal communication B. Genge, D.A. Rusu, and P. Haller SPEAR April 13, 2014 12 / 41

Proposed approach Steps defined in SPEAR Step 1: modeling the network of ICS (nodes and traffic flows) Step 2: generating Snort detection rules SPEAR components Model ICS Generate description ICS network topology expert NetLab modeling GUI Input NS2 script Python rule generator script Generate rules SNORT rule files B. Genge, D.A. Rusu, and P. Haller SPEAR April 13, 2014 13 / 41

ICS model Proposed approach Network architecture as a traditional graph model G = (V, E), where V is the set of vertices and E V V is the set of edges Each vertex models typical ICS nodes such as PLC, HMI, RTU, ADS Edges denote typical connections between network components, e.g., wired/wireless links Traffic defined as tuple t = (s, d, k), t T, where T V V {tcp, udp} MTU0 PLC0 PLC1 Switch1 firewall0 Switch0 IDS0 HMI0 IDS1 PLC2 B. Genge, D.A. Rusu, and P. Haller SPEAR April 13, 2014 14 / 41

Proposed approach Generating ICS rules MTU0 PLC0 PLC1 Switch1 firewall0 Switch0 IDS0 HMI0 IDS1 PLC2 A breadth-first search (BFS) algorithm is applied to find the path from source to destination (for each traffic flow) For each ADS along the path Snort rules are generated to whitelist allowed traffic B. Genge, D.A. Rusu, and P. Haller SPEAR April 13, 2014 15 / 41

Proposed approach Generating ICS rules (contd.) Using BFS algorithm, for each traffic flow t the list of ADSs are determined (set A) For each ADS a A the set of traffic flows is calculated F a = {t t T and a adspath(t)} The set of rules for each ADS a A is denoted by R a Rules are generated for Snort. Example: alert tcp 10.1.1.1 any > 10.1.1.2 any (msg: ALERT! ) B. Genge, D.A. Rusu, and P. Haller SPEAR April 13, 2014 16 / 41

Proposed approach Generating ICS rules (contd.) Generated rule 1 (for bidirectional UDP/TCP communications): ({k}, {v}, NOT (Hv a ), anyp, anyp, ALERT!) Ra k {tcp, udp}: protocol v V : host H a v : the set of hosts that exchange packets with host v, monitored by ADS a... meaning: generate alert if host v exchanges TCP/UDP packets with any host outside H a v B. Genge, D.A. Rusu, and P. Haller SPEAR April 13, 2014 17 / 41

Proposed approach Generating ICS rules (contd.) Generated rule 2 and rule 3 (for unidirectional UDP or no TCP packets): ({k}, {v}, NOT ({v}), anyp, anyp, ALERT!) R a ({k}, NOT ({v}), {v}, anyp, anyp, ALERT!) R a k {tcp, udp}: protocol v V : host... meaning: generate alert if host v sends or receives TCP/UDP packets to/from any host B. Genge, D.A. Rusu, and P. Haller SPEAR April 13, 2014 18 / 41

Proposed approach Generating ICS rules (contd.) Generated rule 4 (no UDP/TCP packets): ({k}, {NOT (V )}, {NOT (V )}, anyp, anyp, ALERT!) R a k {tcp, udp}: protocol... meaning: generate alert if any other hosts (outside the monitored set) exchange TCP or UDP packets B. Genge, D.A. Rusu, and P. Haller SPEAR April 13, 2014 19 / 41

Proposed approach Implementation details We adopted the Emulab NetLab GUI Was developed within the Emulab project SPEAR extends the basic GUI with components specific to ICS B. Genge, D.A. Rusu, and P. Haller SPEAR April 13, 2014 20 / 41

Proposed approach Implementation details - example We defined ICS with process and control network Process network: HMI, MTU and ADS Control network: three PLCs and ADS TCP traffic MTU0 PLC0 PLC1 Switch1 firewall0 Switch0 IDS0 HMI0 IDS1 PLC2 B. Genge, D.A. Rusu, and P. Haller SPEAR April 13, 2014 21 / 41

Proposed approach Implementation details - example (contd.) Typical Emulab ns-2 script set ns [new Simulator] source tb compat.tcl # Nodes set MTU0 [$ns node] tb-set-node-os $MTU0 ncscada-mtu set IDS0 [$ns node] tb-set-node-os $IDS0 ncscada-ids # Lans set Switch0 [$ns make-lan $firewall0 $IDS0 $PLC0... ] set Switch1 [$ns make-lan $firewall0 $HMI0 $IDS1 $MTU0 ] # Event Agents set tg0 [new Application/Traffic/CBR] set tg0sink0 [new Agent/TCPSink] $ns attach-agent $MTU0 $tg0src0... $ns run B. Genge, D.A. Rusu, and P. Haller SPEAR April 13, 2014 22 / 41

Proposed approach Implementation details - example (contd.) Generated Snort rules ipvar $MTU0 [10.1.1.2]... 1. alert tcp $MTU0 any >![$PLC0,$PLC1,$PLC2,$HMI0] any (...) 2. alert tcp![$plc0,$plc1,$plc2,$hmi0] any > $MTU0 any (...) 3. alert tcp $HMI0 any >!$MTU0 any (...) 4. alert tcp!$mtu0 any > $HMI0 any (...) 5. alert tcp $firewall0 any >!$firewall0 any (...) 6. alert tcp!$firewall0 any > $firewall0 any (...) 7. alert tcp![$mtu0 $PLC0...] any >![$MTU0 $PLC0...] any (...) 8. alert udp any any > any any (...) MTU0 PLC0 PLC1 Switch1 firewall0 Switch0 IDS0 HMI0 IDS1 PLC2 B. Genge, D.A. Rusu, and P. Haller SPEAR April 13, 2014 23 / 41

Experimental assessment Assessment perspectives SPEAR and its generated rules have been assessed from several perspectives: Modeling and generating rules for a laboratory installation with industrial equipment (synthetic attack) Modeling and generating rules for a laboratory installation with traditional PCs (real malware) Modeling and generating rules for simulated infrastructures (synthetic attack) Scalability and execution time of rule generator script B. Genge, D.A. Rusu, and P. Haller SPEAR April 13, 2014 24 / 41

Experimental assessment Real industrial equipment + synthetic attack We have set-up an experiment consisting of a PLC and HMI software from ABB HMI communicated with PLC through Manufacturing Message Specification protocol (MMS) HMI also sends Redundant Network Routing Protocol (RNRP) packets over UDP to a specific router Generic host to run TCP scans (TCP-SYN, TCP-NULL, TCP-FIN, and TCP-XMAS) with nmap software RNRP0 RNRP/UDP HMI0 MMS/TCP PLC0 Malware0 TCP scan Switch0 IDS0 B. Genge, D.A. Rusu, and P. Haller SPEAR April 13, 2014 25 / 41

Experimental assessment Real industrial equipment + synthetic attack (contd.) B. Genge, D.A. Rusu, and P. Haller SPEAR April 13, 2014 26 / 41

Experimental assessment Real industrial equipment + synthetic attack (contd.) Number of Snort alerts Throughput (Kbps) Detection of the network scan with the rules generated by SPEAR 400 300 MMS+RNRP TCP Scan 200 100 0 1 501 1001 1501 2001 2501 3001 Time (s) 1000 800 600 400 200 0 1 501 1001 1501 2001 2501 3001 Time (s) B. Genge, D.A. Rusu, and P. Haller SPEAR April 13, 2014 27 / 41

Experimental assessment Traditional PCs + real industry-targeting malware We set-up a network with 4 PCs and a monitoring box from HP-S8005F (can monitor up to 16 ports) We deliberately infected one of the hosts with Stuxnet Stuxnet installed successfully Stuxnet infected (after 8 hours) all other hosts Deliberate PC0 infection with W32/Stuxnet.A Test Internet connectivity Gateway0 PC3 Propagation through SMB vulnerability Switch0 IDS0 PC1 PC2 B. Genge, D.A. Rusu, and P. Haller SPEAR April 13, 2014 28 / 41

Experimental assessment Stuxnet - overview It was reported in August 2010 The first (known) malware capable to rewrite the logic of control hardware (Siemens PLCs) It is believed that the target was Iran s nuclear program It affected the normal functioning of centrifuges B. Genge, D.A. Rusu, and P. Haller SPEAR April 13, 2014 29 / 41

Experimental assessment Stuxnet - zero-day vulnerabilities It exploited 4 zero-day vulnerabilities Exploit LNK vulnerability MS10-046 (Windows 2000, Windows Server 2003 and 2008, Windows Vista, Windows XP, Windows 7) Exploit MS Spooler vulnerability MS10-061 (Windows 2000, Windows Server 2003 and 2008, Windows Vista, Windows XP, Windows 7) Exploit Network Shared Folders and RPC vulnerability MS08-067 (Windows 2000, Windows Server 2003 and 2008, Windows Vista, Windows XP) Exploit win32k.sys vulnerability MS10-73 (Windows Server 2003 and 2008, Windows Vista, Windows XP, Windows 7) B. Genge, D.A. Rusu, and P. Haller SPEAR April 13, 2014 30 / 41

Experimental assessment Traditional PCs + real industry-targeting malware (contd.) Stuxnet creates remote file DEFRAG24681.TMP It copies itself on the other host B. Genge, D.A. Rusu, and P. Haller SPEAR April 13, 2014 31 / 41

Experimental assessment Traditional PCs + real industry-targeting malware (contd.) The newly infected host begins to test for Internet connectivity (www.windowsupdate.com and www.msn.com) B. Genge, D.A. Rusu, and P. Haller SPEAR April 13, 2014 32 / 41

Experimental assessment Traditional PCs + real industry-targeting malware (contd.) The newly infected host begins to test for Internet connectivity (www.windowsupdate.com and www.msn.com) B. Genge, D.A. Rusu, and P. Haller SPEAR April 13, 2014 33 / 41

Experimental assessment Traditional PCs + real industry-targeting malware (contd.) Throughput (Kbps) Number of Snort alerts Deliberate PC0 infection with W32/Stuxnet.A 3500 2800 2100 1400 Stuxnet propagation Propagation through 700 Test Internet SMB vulnerability connectivity 0 1 1001 2001 3001 4001 5001 Time (s) Gateway0 Switch0 PC1 4 3 Alert triggered by Stuxnet DNS requests PC3 IDS0 PC2 2 1 0 1 1001 2001 3001 4001 5001 Time (s) B. Genge, D.A. Rusu, and P. Haller SPEAR April 13, 2014 34 / 41

Experimental assessment Simulated networks, traffic and attack We recreated in ns-3 a (larger) typical ICS topology with two networks: control and process For each network we defined 10 nodes, regular UDP and malicious traffic We used SPEAR to model the topology and to generate detection rules The ns-3 traffic was exported to pcap files and we used Snort (configured with SPEAR s rules) to detect the attack HMI0 HMI1 MTU0 MTU1 historian0 HMI2 Router0 switch0 firewall0 firewall1 Node0 Node1 RAP1 PLC7 IDS0 RAP0 IDS1 PLC0 PLC1 PLC2 switch1 PLC3 PLC4 PLC5 PLC6 B. Genge, D.A. Rusu, and P. Haller SPEAR April 13, 2014 35 / 41

Experimental assessment Simulated networks, traffic and attack (contd.) Number of Snort alerts Throughput (Kbps) Number of Snort alerts Throughput (Kbps) Two settings: Setting 1: attack rate similar to regular traffic Setting 2: attack rate 30 times smaller than regular traffic 1000 Regular Malicious 800 600 400 200 0 1 1001 2001 3001 4001 5001 6001 7001 Time (s) 3000 2500 Regular Malicious 2000 1500 1000 500 0 1 1001 2001 3001 4001 5001 6001 7001 Time (s) 200 150 100 50 0 1 1001 2001 3001 4001 5001 6001 7001 Time (s) 300 250 200 150 100 50 0 1 1001 2001 3001 4001 5001 6001 7001 Time (s) B. Genge, D.A. Rusu, and P. Haller SPEAR April 13, 2014 36 / 41

Experimental assessment Rule generator execution time We evaluated the execution time of SPEAR s rule generator We generated a total of 10 different topology descriptions (ns-2) For each topology the dimension was gradually increased with a number of 10 networks (10hosts + 1 ADS/network) Traffic was defined between hosts and between networks B. Genge, D.A. Rusu, and P. Haller SPEAR April 13, 2014 37 / 41

Experimental assessment Rule generator execution time (contd.) Execution time (s) 0.25 0.2 0.15 0.1 0.05 0 Total BFS algorithm 10 20 30 40 50 60 70 80 90 100 Number of ICS networks B. Genge, D.A. Rusu, and P. Haller SPEAR April 13, 2014 38 / 41

Conclusions Conclusions The definition of connection patterns in the core of CI can lead to effective detection of traffic anomalies The learning phase from other approaches is replaced by expert knowledge and formal description language Detection rules are generated for a well-known detection engine: Snort SPEAR s main contribution: It automatizes the rule generation procedure for ICSs and a well-established detection engine, i.e., Snort, by employing available open-source tools B. Genge, D.A. Rusu, and P. Haller SPEAR April 13, 2014 39 / 41

Conclusions (contd.) Conclusions Future work: Extend the supported protocols for more expressive modeling capabilities Integrate automated traffic learning techniques (carefully planned) SPEAR is available as open-source (http://www.ibs.ro/~bela/conpat.html) B. Genge, D.A. Rusu, and P. Haller SPEAR April 13, 2014 40 / 41

Thanks Thank you! B. Genge, D.A. Rusu, and P. Haller SPEAR April 13, 2014 41 / 41

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information