A Log Mining Approach for Process Monitoring in SCADA

Dina Hadziosmanovic; Damiano Bolzoni; Pieter Hartel

A Log Mining Approach for Process Monitoring in SCADA

Dina Hadziosmanovic, Damiano Bolzoni, Pieter Hartel

Research output: Book/Report › Report › Professional

120 Downloads (Pure)

Abstract

SCADA (Supervisory Control and Data Acquisition) systems are used for controlling and monitoring industrial processes. We propose a methodology to systematically identify potential process-related threats in SCADA. Process-related threats take place when an attacker gains user access rights and performs actions, which look legitimate, but which areintended to disrupt the SCADA process. To detect such threats, we propose a semi-automated approach of log processing. We conduct experiments on a real-life water treatment facility. A preliminary case study suggests that our approach is effective indetecting anomalous events that might alter the regular process workflow.

Original language	English
Place of Publication	Enschede
Publisher	Centre for Telematics and Information Technology (CTIT)
Number of pages	18
Publication status	Published - 15 Oct 2010

Publication series

Name	CTIT Technical Report Series
Publisher	Centre for Telematics and Information Technology, University of Twente
No.	TR-CTIT-10-35
ISSN (Print)	1381-3625

Keywords

SCS-Cybersecurity
Visualization
Security
SCADA
Intrusion detection

Access to Document

Hadziosmanovic2012logFinal published version, 10.7 MB

1 Article

A Log Mining Approach for Process Monitoring in SCADA
Hadziosmanovic, D., Bolzoni, D. & Hartel, P., 2012, In: International journal of information security. 11, 4, p. 231-251 10 p.
Research output: Contribution to journal › Article › Academic › peer-review

Open Access
File
55 Citations (Scopus)

354 Downloads (Pure)

Cite this

@book{1c28429a1bd142f7a8703ec405c9f1f6,

title = "A Log Mining Approach for Process Monitoring in SCADA",

abstract = "SCADA (Supervisory Control and Data Acquisition) systems are used for controlling and monitoring industrial processes. We propose a methodology to systematically identify potential process-related threats in SCADA. Process-related threats take place when an attacker gains user access rights and performs actions, which look legitimate, but which areintended to disrupt the SCADA process. To detect such threats, we propose a semi-automated approach of log processing. We conduct experiments on a real-life water treatment facility. A preliminary case study suggests that our approach is effective indetecting anomalous events that might alter the regular process workflow.",

keywords = "SCS-Cybersecurity, Visualization, Security, SCADA, Intrusion detection",

author = "Dina Hadziosmanovic and Damiano Bolzoni and Pieter Hartel",

year = "2010",

month = oct,

day = "15",

language = "English",

series = "CTIT Technical Report Series",

publisher = "Centre for Telematics and Information Technology (CTIT)",

number = "TR-CTIT-10-35",

address = "Netherlands",

}

TY - BOOK

T1 - A Log Mining Approach for Process Monitoring in SCADA

AU - Hadziosmanovic, Dina

AU - Bolzoni, Damiano

AU - Hartel, Pieter

PY - 2010/10/15

Y1 - 2010/10/15

N2 - SCADA (Supervisory Control and Data Acquisition) systems are used for controlling and monitoring industrial processes. We propose a methodology to systematically identify potential process-related threats in SCADA. Process-related threats take place when an attacker gains user access rights and performs actions, which look legitimate, but which areintended to disrupt the SCADA process. To detect such threats, we propose a semi-automated approach of log processing. We conduct experiments on a real-life water treatment facility. A preliminary case study suggests that our approach is effective indetecting anomalous events that might alter the regular process workflow.

AB - SCADA (Supervisory Control and Data Acquisition) systems are used for controlling and monitoring industrial processes. We propose a methodology to systematically identify potential process-related threats in SCADA. Process-related threats take place when an attacker gains user access rights and performs actions, which look legitimate, but which areintended to disrupt the SCADA process. To detect such threats, we propose a semi-automated approach of log processing. We conduct experiments on a real-life water treatment facility. A preliminary case study suggests that our approach is effective indetecting anomalous events that might alter the regular process workflow.

KW - SCS-Cybersecurity

KW - Visualization

KW - Security

KW - SCADA

KW - Intrusion detection

M3 - Report

T3 - CTIT Technical Report Series

BT - A Log Mining Approach for Process Monitoring in SCADA

PB - Centre for Telematics and Information Technology (CTIT)

CY - Enschede

ER -

A Log Mining Approach for Process Monitoring in SCADA

Abstract

Publication series

Keywords

Access to Document

Fingerprint

Research output

A Log Mining Approach for Process Monitoring in SCADA

Cite this