Automating security tests for industrial automation devices using neural networks

TCP/IP OS fingerprinting is the task of identify a machine operating system according to its protocol stack implementation. Fingerprinting tools are able to provide information that can be useful to protect SCADA systems. It can be used for network device inventory, detect unauthorized or dangerous devices and select security tests. In this work we propose a new method for identify and classify network devices using the nmap tool fingerprinting capabilities and a neural network. With a new metric based on Euclidean distance for comparing OS fingerprints and a self-organizing neural net, we build a contextual map that groups similarities between systems. This map will be used to identify devices based on its operating system and select security tests according to the device class it belongs to.