Abstract: Methods and systems for detecting a potential compromise of cyber security in an industrial network are disclosed. These methods and systems comprise elements of hardware and software for generating and analyzing vectors indicative of network behavioral states to establish thresholds for anomalous behavior in the industrial network.
Abstract: Disclosed is a system and method for detecting anomalous behavior in Industrial Control Networks. The system first operates in a learning phase to learn various behaviors, and then in a protection phase to analyze packets to identify anomalous network events, and, for example, raise an alert.