Network Topology Exploration for Industrial Networks

  • Andreas Paul
  • Franka Schuster
  • Hartmut König
Conference paper
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 188)


Large industrial networks (e.g., plants and grids) are usually characterized by numerous sectors of responsibility and multiple suppliers. Managing these networks is a challenge and requires concrete knowledge of the current network state in terms of device influence and network activities. Automated topology exploration is a valuable and highly performant way to obtain a wide range of information about devices and their communication relations. Existing exploration methods are mostly active and intrusive, which rules them out for sensitive or critical industrial networks. In this paper we present a completely passive approach. It is supplier-independent and provides information that has not previously been obtained with passive methods.


Keywords: Topology exploration; Industrial networks; Critical infrastructures; Passive network traffic analysis



The authors gratefully acknowledge funding from the German Federal Ministry of Education and Research (BMBF) via the projects INDI (funding code: 16KIS0156) and SICIA (16KIS0158K).



Copyright information

© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2017

Authors and Affiliations

  1. Computer Networks Group, Brandenburg University of Technology Cottbus-Senftenberg, Cottbus, Germany
