This project was built and completed during GCC 2025 in Taiwan by Group 8. It is called "AI-based ICS Incident Investigation System".
- Analyse malicious or abnormal traffic in an ICS environment or from a recorded traffic pcap
- Import AI module to support multiple ICS protocols for different environments
- Fine-tune AI module for traffic analysis
- Display network topology and infected devices, and indicate malicious actions
- Bonus: use AI to automate attacks on ICS
- Input: .pcap files
  - ICS-Flow from Kaggle (https://www.kaggle.com/datasets/alirezadehlaghi/icssim/data)
  - Capture from simulation system
- Output: malicious “network flow”
  - Normal, ddos, ip-scan, mitm, port-scan, replay, command-injection
- Multiple packets → One network flow
- Group by (protocol, source, destination)
- Preprocess data
- Handle sequential data
- Capture common characteristics
- Multi-class classification and NaN
- Fast training
- Great performance
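
The packet-to-flow step listed above (multiple packets grouped by protocol, source and destination into one network flow), as an added Python example that is not the project's own code. The packet tuples are constructed sample data, and the function name `packets_to_flows` and the per-flow features (`packets`, `bytes`, `duration`, `mean_gap`) are assumptions chosen for illustration; the page does not list the project's feature set.

```python
from collections import defaultdict
from statistics import mean

# Constructed sample packets: (timestamp_s, protocol, source, destination, length_bytes).
PACKETS = [
    (0.00, "modbus", "192.168.0.11", "192.168.0.21", 66),
    (0.05, "modbus", "192.168.0.21", "192.168.0.11", 64),
    (0.50, "modbus", "192.168.0.11", "192.168.0.21", 66),
    (0.52, "tcp",    "192.168.0.99", "192.168.0.21", 60),
    (0.53, "tcp",    "192.168.0.99", "192.168.0.22", 60),
    (1.00, "modbus", "192.168.0.11", "192.168.0.21", 66),
]


def packets_to_flows(packets):
    """Collapse packets into one record per (protocol, source, destination).

    The key is directional: A->B and B->A are separate flows. No time window
    is applied, because the page only names the three grouping fields.
    """
    groups = defaultdict(list)
    for ts, proto, src, dst, length in packets:
        groups[(proto, src, dst)].append((ts, length))

    flows = {}
    for key, pkts in groups.items():
        pkts.sort()  # order by timestamp so inter-arrival gaps are meaningful
        times = [ts for ts, _ in pkts]
        gaps = [b - a for a, b in zip(times, times[1:])]
        flows[key] = {
            "packets": len(pkts),
            "bytes": sum(length for _, length in pkts),
            "duration": times[-1] - times[0],
            # A single-packet flow has no gap. Assumption: mark it NaN so a
            # later preprocessing step can impute or drop it explicitly.
            "mean_gap": mean(gaps) if gaps else float("nan"),
        }
    return flows


if __name__ == "__main__":
    for key, feats in packets_to_flows(PACKETS).items():
        print(key, feats)
```

Each resulting record is one row for the classifier; the label column (normal, ddos, ip-scan and so on) would come from the dataset and is not derived here.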






