Detecting Low-Level Attacks on Wireless OT Networks

Wireless networks are increasingly used in production environments but often cannot implement active security measures due to concerns about negative availability impacts. As these networks are increasingly targeted by adversaries, passive detection methods are required that supplement existing infrastructures. Therefore, the GLACIER research project [5] is developing a novel multidimensional analysis that combines anomaly detection with user feedback to avoid false positives as far as possible. For wireless OT networks, it uses low-cost distributed passive probes to observe low-level network properties that are aggregated in a central system to build a global view of the network, its nodes and their communication patterns, that is the baseline to detect anomalies or suspicious behavior.