Industrial Control Systems (ICSs) are often used to control the functionality of devices and/or machinery that perform manufacturing and/or production operations within an industrial environment. For example, a nuclear power plant may implement and/or rely on an ICS to regulate the production and/or distribution of electrical power. A typical ICS may include a collection of sensors, actuators, controllers, control valves, motors, robotic devices, and/or other computing devices that communicate messages using a specialized network protocol that is designed for ICS environments.
Anomaly detection is a method for detecting suspicious communications within a network. Some anomaly-detection systems attempt to detect when abnormal (e.g., malicious) message sequences are present on a network. The network traffic in a typical ICS network, also known as an Operational Technology (OT) network, may be more cyclic and predictable than the network traffic in a typical Information Technology (IT) network. However, distinguishing between normal and abnormal message sequences in an ICS network may still be difficult, and the results inaccurate, with some anomaly-detection technologies because of their complexity, memory requirements, computational requirements, and slowness.
The subject matter claimed herein is not limited to embodiments that solve any disadvantages or that operate only in environments such as those described above. Rather, this background is only provided to illustrate one example technology area where some embodiments described herein may be practiced.