Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


https://github.com/rmmenezes/prototipo-arq-mononitoramento

Cybersecurity monitoring architecture for industrial systems

arquitetura cybersecurity dashboards docker-compose elasticsearch elk elk-stack kibana kibana-visualization logstash logstash-filter mongodb mongodb-logstash monitoring-systems seguranca visualization


README
# Monitoring Architecture for Industrial Systems Cybersecurity :computer: :bar_chart:

This work proposes and develops a cybersecurity monitoring architecture for industrial systems. The architecture is modular, so that the different devices and technologies found in an industrial environment can be coupled to it, and it supports the cybersecurity of industrial systems by helping to detect cyber attacks and anomalies and to limit the damage they cause.

## Monitoring Architecture Prototype
![alt text](https://github.com/rmmenezes/prototipo-arq-mononitoramento/blob/master/img/prototipo.png?raw=true)

## Host Monitoring
### Visualization - Global map of external connections in OSSEC logs
When an alert generated by OSSEC concerns external access, such as HTTP, SSH or FTP connections, it is useful to know the physical location of the devices involved. The visualization shows the location of the source and destination addresses and draws the link between them. The map below shows that most of the connections originate in North America and are bound for South Korea. If such connections turn out to be part of a mass attack on a network or device, a stop-gap measure is a firewall rule that blocks connections coming from the North American region. Note that this is a coarse measure: it also blocks legitimate traffic from that region, and an attacker can route through another one, so blocking the specific offending addresses is usually the better first step.
![alt text](https://github.com/rmmenezes/prototipo-arq-mononitoramento/blob/master/img/mapa_hosts.png?raw=true)
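As an added example, and not code from the project, the Python script below does in plain code what the Logstash pipeline behind this map does: it parses alert records in the layout of OSSEC's `alerts.log`, geolocates the external source addresses, and counts source-country to destination-country links. The sample alerts (hosts, rule numbers, messages) and the prefix-to-country table that stands in for the Logstash `geoip` filter and its MaxMind database are constructed for the example; the addresses are documentation ranges, and the monitored plant (`10.0.0.0/8`) is placed in South Korea only to mirror the map above.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the layout of OSSEC's alerts.log (not the project's data set):
# hosts, rule numbers and messages are made up; addresses are documentation ranges.
SAMPLE_ALERTS = """\
** Alert 1609459200.1001: - syslog,sshd,authentication_failed,
2021 Jan 01 00:00:00 (plc-gw) 10.0.0.5->/var/log/auth.log
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Src IP: 198.51.100.7
User: root
Jan  1 00:00:00 plc-gw sshd[812]: Failed password for root from 198.51.100.7 port 51022 ssh2

** Alert 1609459260.1002: - syslog,sshd,authentication_failed,
2021 Jan 01 00:01:00 (plc-gw) 10.0.0.5->/var/log/auth.log
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Src IP: 198.51.100.7
User: admin
Jan  1 00:01:00 plc-gw sshd[813]: Failed password for admin from 198.51.100.7 port 51023 ssh2

** Alert 1609459320.1003: - web,accesslog,attack,
2021 Jan 01 00:02:00 (hmi-web) 10.0.0.9->/var/log/nginx/access.log
Rule: 31103 (level 6) -> 'SQL injection attempt.'
Src IP: 203.0.113.44
203.0.113.44 - - [01/Jan/2021:00:02:00 +0000] "GET /login?user=1'%20or%201=1 HTTP/1.1" 200 512

** Alert 1609459380.1004: - syslog,vsftpd,authentication_failed,
2021 Jan 01 00:03:00 (historian) 10.0.0.12->/var/log/vsftpd.log
Rule: 11401 (level 5) -> 'FTP authentication failed.'
Src IP: 192.0.2.10
Fri Jan  1 00:03:00 2021 [pid 1201] [backup] FAIL LOGIN: Client "192.0.2.10"
"""

# Constructed stand-in for the Logstash geoip filter / MaxMind database.
GEO_TABLE = [
    ("198.51.100.0/24", ("US", 37.75, -97.82)),
    ("203.0.113.0/24", ("US", 37.75, -97.82)),
    ("192.0.2.0/24", ("DE", 51.30, 9.49)),
    ("10.0.0.0/8", ("KR", 37.57, 126.98)),  # the monitored plant, placed in Seoul for the example
]
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumed plant address space


def parse_alerts(text):
    """Split alerts.log text into records and extract the header fields of each."""
    alerts = []
    for block in re.split(r"\n(?=\*\* Alert )", text.strip()):
        lines = block.splitlines()
        head = re.match(r"\*\* Alert (\d+)\.\d+: - (.*)", lines[0])
        where = re.match(r"\d{4} \w{3} \d{2} \d{2}:\d{2}:\d{2} (?:\((.*?)\) )?(\S+?)->(\S+)", lines[1])
        rule = re.match(r"Rule: (\d+) \(level (\d+)\) -> '(.*)'", lines[2])
        if not (head and where and rule):
            continue  # malformed record; a real pipeline would count and surface these
        alert = {
            "epoch": int(head.group(1)),
            "groups": [g for g in head.group(2).split(",") if g],
            "agent": where.group(1) or where.group(2),  # agent name, or the bare host for local alerts
            "agent_ip": where.group(2),
            "location": where.group(3),
            "rule": int(rule.group(1)),
            "level": int(rule.group(2)),
            "description": rule.group(3),
            "src_ip": None,
            "user": None,
            "log": lines[-1],  # the original log line is always the last line of the record
        }
        for line in lines[3:]:  # optional decoder fields sit between the rule and the log line
            if line.startswith("Src IP: "):
                alert["src_ip"] = line[len("Src IP: "):].strip()
            elif line.startswith("User: "):
                alert["user"] = line[len("User: "):].strip()
        alerts.append(alert)
    return alerts


def geolocate(ip):
    """Longest-prefix style lookup in the constructed table; None when unknown."""
    addr = ipaddress.ip_address(ip)
    for prefix, loc in GEO_TABLE:
        if addr in ipaddress.ip_network(prefix):
            return loc
    return None


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def external_links(alerts):
    """Count (source country, destination country) pairs for alerts with an external Src IP."""
    links = Counter()
    for a in alerts:
        if not a["src_ip"] or is_internal(a["src_ip"]):
            continue
        src, dst = geolocate(a["src_ip"]), geolocate(a["agent_ip"])
        if src and dst:
            links[(src[0], dst[0])] += 1
    return links


def source_shares(links):
    """Share of external alert links per source country, largest first."""
    total = sum(links.values())
    per_country = Counter()
    for (src, _dst), n in links.items():
        per_country[src] += n
    return [(c, n / total) for c, n in per_country.most_common()]


def repeat_offenders(alerts, min_alerts=2):
    """External source IPs behind at least min_alerts alerts: narrower firewall targets
    than a whole region."""
    c = Counter(a["src_ip"] for a in alerts if a["src_ip"] and not is_internal(a["src_ip"]))
    return [ip for ip, n in c.most_common() if n >= min_alerts]
```

`source_shares` gives the per-region figure the map conveys visually (here three quarters of the links come from US addresses), while `repeat_offenders` gives the individual addresses to block first; only when the offending addresses are too many or too volatile does a region-wide rule become the pragmatic choice.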

## Monitoring in the Modbus/TCP Network
### Visualization - Modbus master-slave communication flow
Modbus uses a master-slave communication model in which only the master device issues data requests; slave devices only answer them. The visualization shows the communication flow between the devices of the industrial Modbus network. From it we can deduce that, in the data set used, the IP address "141.81.0.10" is the master device: it is the only one that issues requests, and every slave sends its responses to it. A possible anomaly can be identified when a slave device starts responding to a master it should not be talking to, for instance a malicious master introduced into the network.
![alt text](https://github.com/rmmenezes/prototipo-arq-mononitoramento/blob/master/img/fluxosmb.png?raw=true)
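The flow diagram above is produced by Kibana; as an added example, not the project's code, the Python below shows the logic that underlies it in a form that can also raise the anomaly described: it parses the Modbus/TCP MBAP header, infers the direction of each packet from port 502, derives the master set from who sends requests, and flags both requests from an unknown master and slaves answering one. The capture is constructed for the example (one legitimate master at 141.81.0.10 polling two slaves, then an assumed rogue host 141.81.0.99 writing a coil); the packet tuple layout and the `allowed_masters` whitelist are this example's own conventions.

```python
import struct
from collections import Counter

MODBUS_PORT = 502
WRITE_FCS = {5, 6, 15, 16, 22, 23}  # function codes that change coils or registers


def parse_mbap(payload):
    """Parse the 7-byte MBAP header plus the function code of a Modbus/TCP frame.

    Layout (big-endian): transaction id (2), protocol id (2, always 0 for Modbus),
    length (2, bytes following the length field), unit id (1), function code (1).
    """
    if len(payload) < 8:
        raise ValueError("truncated MBAP header")
    tid, pid, length, unit, fc = struct.unpack(">HHHBB", payload[:8])
    if pid != 0:
        raise ValueError("protocol id %d is not Modbus" % pid)
    if length != len(payload) - 6:
        raise ValueError("length field %d does not match payload" % length)
    return {
        "tid": tid,
        "unit": unit,
        "fc": fc & 0x7F,                # high bit set marks an exception response
        "exception": bool(fc & 0x80),
        "data": payload[8:],
    }


def direction(pkt):
    """Master->slave requests go to port 502; slave->master responses come from it."""
    _ts, _src, sport, _dst, dport, _payload = pkt
    if dport == MODBUS_PORT:
        return "request"
    if sport == MODBUS_PORT:
        return "response"
    return "other"


def flow_edges(pkts):
    """Directed (src, dst) packet counts: the data behind a flow diagram."""
    return Counter((p[1], p[3]) for p in pkts if direction(p) != "other")


def infer_masters(pkts):
    """Hosts that issue requests; in a healthy network this is exactly the known master(s)."""
    return Counter(p[1] for p in pkts if direction(p) == "request")


def rogue_master_alerts(pkts, allowed_masters):
    """Flag requests from hosts outside allowed_masters and slaves that answer them."""
    alerts = []
    for pkt in pkts:
        ts, src, _sport, dst, _dport, payload = pkt
        kind = direction(pkt)
        try:
            pdu = parse_mbap(payload)
        except ValueError as err:
            alerts.append({"ts": ts, "kind": "malformed", "src": src, "dst": dst, "reason": str(err)})
            continue
        if kind == "request" and src not in allowed_masters:
            alerts.append({"ts": ts, "kind": "unauthorized_request", "master": src, "slave": dst,
                           "fc": pdu["fc"], "write": pdu["fc"] in WRITE_FCS})
        elif kind == "response" and dst not in allowed_masters:
            alerts.append({"ts": ts, "kind": "slave_answered_rogue", "master": dst, "slave": src,
                           "fc": pdu["fc"], "tid": pdu["tid"]})
    return alerts


# Constructed capture (not the project's data set), as (ts, src, sport, dst, dport, payload).
SAMPLE_PACKETS = [
    (0.00, "141.81.0.10", 50001, "141.81.0.20", 502,
     b"\x00\x01\x00\x00\x00\x06\x01\x03\x00\x00\x00\x02"),            # read holding registers 0-1
    (0.01, "141.81.0.20", 502, "141.81.0.10", 50001,
     b"\x00\x01\x00\x00\x00\x07\x01\x03\x04\x00\x11\x00\x22"),        # 2 registers: 0x0011, 0x0022
    (1.00, "141.81.0.10", 50002, "141.81.0.21", 502,
     b"\x00\x02\x00\x00\x00\x06\x01\x01\x00\x00\x00\x08"),            # read coils 0-7
    (1.01, "141.81.0.21", 502, "141.81.0.10", 50002,
     b"\x00\x02\x00\x00\x00\x04\x01\x01\x01\xff"),                    # all eight coils on
    (2.00, "141.81.0.99", 40000, "141.81.0.20", 502,
     b"\x00\x07\x00\x00\x00\x06\x01\x05\x00\x01\xff\x00"),            # rogue: write single coil 1 ON
    (2.01, "141.81.0.20", 502, "141.81.0.99", 40000,
     b"\x00\x07\x00\x00\x00\x06\x01\x05\x00\x01\xff\x00"),            # slave echoes the write back
]
```

On the sample, `infer_masters` reports two request senders, which is itself the signal that something other than 141.81.0.10 is driving the slaves; `rogue_master_alerts` then names the write request and the slave that honoured it. The length and protocol-id checks in `parse_mbap` matter in practice: a frame that fails them is either a non-Modbus payload on port 502 or a malformed frame, and both deserve their own alert rather than silent drop.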

## TCP/IP Network Monitoring
### Visualization - Temporal network flow
The figure shows a time-series visualization that relates time to the volume of TCP and UDP network traffic. The distribution of packet counts over time helps to identify anomalies and deviations from normal behaviour. For example, cyber attacks that generate large packet flows, such as flooding attacks, stand out clearly in this view.
![alt text](https://github.com/rmmenezes/prototipo-arq-mononitoramento/blob/master/img/timelion.png?raw=true)
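Timelion draws this series; spotting the spike is left to the analyst. As an added example, not the project's code, the Python below buckets packets into fixed windows like a Timelion interval, then flags windows whose count is far above the baseline formed by the other windows and names the top talkers in a flagged window. The traffic is constructed for the example (steady background from plant hosts plus a flood from an assumed external host 198.51.100.7 in the sixth window); the leave-one-out mean/standard-deviation rule and the `k` threshold are this example's own choices, not a method the project describes.

```python
import statistics
from collections import Counter, defaultdict

WINDOW = 10  # seconds per bucket, the equivalent of a Timelion interval


def make_sample():
    """Constructed traffic (not the project's data set): steady TCP/UDP background from
    four plant hosts plus a flood from one external host in the sixth window."""
    pkts = []  # (timestamp, protocol, src, dst)
    tcp_per_window = [20, 22, 19, 21, 20, 180, 21]
    udp_per_window = [5, 6, 5, 4, 6, 5, 5]
    for i, (ntcp, nudp) in enumerate(zip(tcp_per_window, udp_per_window)):
        base = i * WINDOW
        for j in range(ntcp):
            # in the flood window everything beyond the usual 20 packets comes from the attacker
            src = "198.51.100.7" if i == 5 and j >= 20 else "10.0.0.%d" % (5 + j % 4)
            pkts.append((base + j * WINDOW / ntcp, "tcp", src, "10.0.0.1"))
        for j in range(nudp):
            pkts.append((base + j * WINDOW / nudp, "udp", "10.0.0.%d" % (5 + j % 4), "10.0.0.1"))
    return pkts


def bucket_counts(pkts, window=WINDOW):
    """Packet counts per protocol per window, keyed by window start time."""
    buckets = defaultdict(Counter)
    for ts, proto, _src, _dst in pkts:
        buckets[int(ts // window) * window][proto] += 1
    return dict(sorted(buckets.items()))


def flag_spikes(counts, proto="tcp", k=3.0):
    """Windows whose count exceeds mean + k*stdev of all other windows (leave-one-out),
    so the spike itself does not inflate the baseline it is compared against."""
    starts = list(counts)
    values = [counts[s][proto] for s in starts]
    flagged = []
    for i, v in enumerate(values):
        others = values[:i] + values[i + 1:]
        if len(others) < 2:
            continue  # not enough history for a baseline
        mu, sigma = statistics.mean(others), statistics.pstdev(others)
        # floor sigma at one packet so a perfectly flat baseline does not flag ordinary jitter
        if v > mu + k * max(sigma, 1.0):
            flagged.append((starts[i], v))
    return flagged


def top_talkers(pkts, start, window=WINDOW, n=3):
    """Source addresses sending most packets inside the window starting at `start`."""
    c = Counter(src for ts, _proto, src, _dst in pkts if start <= ts < start + window)
    return c.most_common(n)


if __name__ == "__main__":
    sample = make_sample()
    per_window = bucket_counts(sample)
    for start, v in flag_spikes(per_window, "tcp"):
        print("TCP spike at t=%ds: %d packets, top talkers %s" % (start, v, top_talkers(sample, start)))
```

The leave-one-out baseline is deliberate: with a plain global mean and standard deviation, a single large flood raises both so much that it can hide itself. In the ELK deployment the same computation is what a Timelion `.es()` series with a moving-average comparison or an Elasticsearch anomaly job would approximate, and the top-talker step is the pivot an analyst makes next in Kibana to decide whether the burst is one attacking host or a general surge.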

## Test File Repository
This public repository contains log records and network traffic captures. They can be used for analysis and study, but the devices and the characteristics of the files are not classified. The files were collected from various websites and other repositories across the Internet.
Link => https://github.com/rmmenezes/logsNetworksHosts