A manufacturing company recently recovered from an attack on its ICS devices.
It has since reduced the attack surface by isolating the affected components.
The company now wants to implement detection capabilities.
It is considering a system that is based on machine learning.
Which of the following features would BEST describe the driver to adopt such nascent technology over mainstream commercial IDSs?
Click on the arrows to vote for the correct answer
A. B. C. D.A.
The manufacturing company wants to implement detection capabilities in order to prevent future attacks on its ICS (Industrial Control System) devices. The company is considering a system based on machine learning, but it is unclear why they would choose this over a mainstream commercial IDS (Intrusion Detection System).
Option A, "Trains on normal behavior and identifies deviations therefrom", is a key feature of machine learning-based systems. This means that the system will learn what normal behavior looks like in the ICS environment and then flag any deviations from that behavior as potential threats. This is different from traditional IDS systems, which rely on known bad signatures and behaviors (Option B) or classification of traffic based on logical protocols and messaging formats (Option C).
Option D, "Automatically reconfigures ICS devices based on observed behavior", is not related to detection capabilities but rather to response capabilities. This is not mentioned as a driver for adopting machine learning-based detection capabilities over commercial IDS systems.
In conclusion, the best answer is A, as it explains the primary benefit of using a machine learning-based detection system over traditional IDS systems. By training on normal behavior and identifying deviations, the machine learning system can provide a more proactive and effective defense against attacks on the ICS devices.