SCADA (Supervisory Control and Data Acquisition) systems are used for controlling and monitoring industrial processes. We propose a methodology to systematically identify potential process-related threats in SCADA. Process-related threats take place when an attacker gains user access rights and performs actions that look legitimate but are intended to disrupt the SCADA process. To detect such threats, we propose a semi-automated approach of log processing. We conduct experiments on a real-life water treatment facility. A preliminary case study suggests that our approach is effective in detecting anomalous events that might alter the regular process workflow.
|Place of Publication||Enschede|
|Publisher||Centre for Telematics and Information Technology (CTIT)|
|Number of pages||18|
|Publication status||Published - 15 Oct 2010|
|Name||CTIT Technical Report Series|
|Publisher||Centre for Telematics and Information Technology, University of Twente|
- Intrusion detection
Hadziosmanovic, D., Bolzoni, D., & Hartel, P. (2010). A Log Mining Approach for Process Monitoring in SCADA. (CTIT Technical Report Series; No. TR-CTIT-10-35). Enschede: Centre for Telematics and Information Technology (CTIT).