A Log Mining Approach for Process Monitoring in SCADA

Dina Hadziosmanovic, Damiano Bolzoni, Pieter Hartel

    Research output: Book/Report › Report › Professional

    Abstract

    SCADA (Supervisory Control and Data Acquisition) systems are used for controlling and monitoring industrial processes. We propose a methodology to systematically identify potential process-related threats in SCADA. Process-related threats take place when an attacker gains user access rights and performs actions, which look legitimate, but which are intended to disrupt the SCADA process. To detect such threats, we propose a semi-automated approach of log processing. We conduct experiments on a real-life water treatment facility. A preliminary case study suggests that our approach is effective in detecting anomalous events that might alter the regular process workflow.

    Original language: English
    Place of Publication: Enschede
    Publisher: Centre for Telematics and Information Technology (CTIT)
    Number of pages: 18
    Publication status: Published - 15 Oct 2010

    Publication series

    Name: CTIT Technical Report Series
    Publisher: Centre for Telematics and Information Technology, University of Twente
    No.: TR-CTIT-10-35
    ISSN (Print): 1381-3625

    Fingerprint

    Process monitoring
    Data acquisition
    SCADA systems
    Water treatment
    Monitoring
    Processing
    Experiments

    Keywords

    • SCS-Cybersecurity
    • Visualization
    • Security
    • SCADA
    • Intrusion detection

    Cite this

    Hadziosmanovic, D., Bolzoni, D., & Hartel, P. (2010). A Log Mining Approach for Process Monitoring in SCADA. (CTIT Technical Report Series; No. TR-CTIT-10-35). Enschede: Centre for Telematics and Information Technology (CTIT).