Industrial control systems are often used to control the functionality of devices and/or machinery that perform manufacturing and/or production operations within an industrial environment. For example, a nuclear power plant may implement and/or rely on an industrial control system to regulate the production and/or distribution of electrical power. This industrial control system may include a collection of sensors, actuators, controllers, control valves, motors, robotic devices, and/or computing devices. In this example, the nuclear power plant may represent a prime target of a terrorist attack due to the amount of devastation at stake in the event of a system failure and/or malfunction.
Unfortunately, due to the high security needs of certain industrial control systems, the network protocols with which these industrial control systems communicate are rarely documented and/or available to the public. As a result, conventional security technologies may be unable to meaningfully monitor network traffic within industrial control systems and/or detect suspicious behavior that suggests a particular device has potentially been compromised. Accordingly, conventional security technologies may be somewhat ineffective at identifying compromised devices within industrial control systems, potentially leaving such systems susceptible to attacks. The instant disclosure, therefore, identifies and addresses a need for improved systems and methods for identifying compromised devices within industrial control systems.