Research Focus Class on Securing Industrial Networks

Our Research Focus Classes (RFC) are a special kind of lecture: they are more interactive and research-oriented than typical lectures. Students participating in an RFC should be aware that they are not only getting in touch with real research but also have to expect doing independent work. In the past, results from our RFCs have lead to publications at high-ranking scientific venues and many participants continued to pursue their sparked passion for research within a PhD.

Organizational Information

  • SWS: V3/Ü2, ECTS: 6
  • Organizers: this course is offered in cooperation between COMSYS and Fraunhofer FKIE
  • Study programs: Master Informatik (Software und Kommunikation), Master Software Systems Engineering (Communication), Master Media Informatics
  • Language: English
  • Start: TBD with participants (mid-April)
  • Lecture slot: TBD with participants (1.5-2 hours per week)
  • Location: we expect the RFC to completely take place virtual, in any case remote participation will be possible
  • Due to limited capacity, prior registration is required!
  • Registration and questions: please send an email to rfc [[at]]


In industrial scenarios more and more systems and network get interconnected using the Internet to realize novel forms of industrial cooperation. Furthermore, visions like the Internet of Production (IoP) show that this trend does not stop in the foreseeable future since the expected advantages are tremendous. For instance, cross-domain collaboration decreases costs, increases productivity, and boosts profit by allowing to share data from development, production, as well as usage.

However, interconnecting more and more systems and networks introduces further surface for attacks. In the industrial context, this situation is especially critical as the lifetime of industrial devices is significantly longer than in other areas, i.e., most of the devices currently used in factories and plants were developed without global security considerations in mind. Nevertheless, research has shown that these unprotected protocols are often used to communicate over the Internet. With human safety and reliable production in mind, this can end disastrous since communication can be altered and industrial machines can potentially be taken over by an attacker. The lack of security mechanism is not only a problem when legacy devices communicate over the Internet, but also whenever these devices share the same network with devices that communicate via the Internet, i.e., infected devices are able to attack these legacy devices even in the local network. Another threat is the possible loss of intellectual property, i.e., infected devices cannot only attack devices in the local network but can also be used to steal data from the company's network.


In this RFC, you will get in touch with current security problems of industrial networks, state-of-the-art security solutions and missing paradigms for security in (envisioned) future industrial cooperation. Depending on your interests, you will dive deeper into topics such as:

  • Security paradigms for legacy industrial control systems with tight resource-constraints
    • On the way to modern production systems not all devices are exchanged once, i.e., resource-constrained devices that do not provide any security features reside in the same network that contains devices communicating via the Internet, e.g., with collaborators or smartphones. Here, you get in touch with already existing security paradigms and the lack of functions they have.
  • Security assessment of industrial networks
    • Increasing complexitiy of industrial networks, communication relationships, and security measures lead to in-secure configuration of industrial networks. You will learn how to assess the security of industrial networks to detect such configuration deficits and have the opportunity to further improve existing assessment approaches or develop completely new ideas to evaluate the state of security of industrial networks.
  • Intrusion detection and prevention in future industrial networks
    • Dynamic communication between collaborators in future industrial networks might interfere with current intrusion detection solutions, i.e., the rule sets of rule-based intrusion detection systems might explode and anomaly-based systems lead to a high false-positive rate. Hence, within this RFC you can ensure that intrusion detection and prevention systems are able to handle the upcoming dynamic communication patterns in future industrial networks.
  • Infrastructure for industrial network security research
    • Since testing and evaluating implemented security mechanisms in a running production environment is nearly impossible, corresponding dataset and/or simulation environments are needed. Thus, in this RFC you can get insight in already existing simulation environments and have the ability to improve and extend their functionality. Likewise, you will learn which datasets exists and can create new or modify existing datasets to the needs of industrial network security research.


The RFCs are research-oriented courses following an interactive schema. To do so, we give a short introductory lecture about the topic (5-6 lecture slots). This lecture phase is accompanied by small practical homework tasks to familiarize yourself with the topic. Afterwards in the analysis phase, you identify your own interesting research projects within the scope of industrial network security (if necessary, we will help you with this) and prepare a short presentation of the motivation behind your idea and how you intend to tackle it. In the remainder of the class you then should realize your idea in the form of a mini project. Finally, you present your results to the other participants and the researchers from COMSYS and Fraunhofer FKIE.

Overall Schedule

  1. Lecture Phase: 5-6 weeks
    • Getting up to speed!
    • Learn about concepts, approaches, tools, examples ...
    • Hands-on supplementary homework tasks to practice what you learned
  2. Concept Phase: 4 weeks
    • Develop your own resarch idea
    • Present your idea to the other participants
  3. Mini Project: up to 12 weeks
    • Get your hands dirty! Perform work on your research idea
    • Short presentation/demo at the end
    • Interesting/fruitful projects may even result in a scientific publication


This class will serve as an introduction on how to conduct research in communication systems and network security. Besides learning about the actual topics, taking this course is an ideal preparation for doing a master thesis in our groups and later on pursue a career in research. You should have prior knowledge at least in the basics of data communication and an interest in doing independent research. A background in security is not mandatory, but encouraged. As this course is supposed to be highly interactive, seats are limited. Should we receive more registrations than seats available, we will select students based on their qualification for this course.

- Impressum | Datenschutz -