CYBERSEC 2021 uses cookies to provide you with the best user experience possible. By continuing to use this site, you agree to the terms in our Privacy Policy. I Agree

May 4-6 at Taipei Nangang Exhibition Center, Hall 2

Tsou Yu-Ting

Tsou Yu-Ting

Technical manager, Institute for Information Industry, Cybersecurity Technology Institute

1. Graduated from Chung Yuan Christian University Electrical Engineering Institute

2. Served in the Institute for Information Industry for 10 years

3. Served in the Cybersecurity Technology Institute for 3 years

4. Analyze network packets for more than 10 factories, and inspect the factory's network security and health examination

Taiwan's Cybersecurity Researchers
OT Security Forum
  • May 6th (Thu)
  • 10:45 - 11:15
  • 7F 701C

Method for detecting abnormal behavior of unknown protocol in industrial control environment

IDS in the industrial control network environment can detect whether there is abnormal network packet behavior in the industrial control network environment, remind factory personnel that the communication of each computer in the factory is not attacked by external hackers, and prompt internal malicious employees Abnormal network packet behavior. We rely on "hearing" all the packets of the switch or router in the factory to let everyone "see" the purdue model and asset inventory table of the factory network, and teach you to see the normal and abnormal behaviors in the industrial control network; we will share Actual cases to see WannaCry's abnormal behavior will also introduce the importance of industrial control internal network isolation. Through a few actual cases, we can open the audience's eyes and see the abnormal behavior on the industrial control network. Except, the communication between the machine and the machine in the factory is like the communication between the Boss and the Servant. The language of communication may be Chinese, English, French, Japanese, but it may also be an unknown dialect (Unknown Protocol), so we will introduce the analysis of the Unknown Protocol. 

Intermediate
Industrial SecurityNetwork SecurityNetwork Visibility
Read More