A Log Mining Approach for Process Monitoring in SCADA

Dina Hadziosmanovic, Damiano Bolzoni, Pieter Hartel

    Research output: Contribution to journal, Article, Academic, peer-review

    42 Citations (Scopus)
    73 Downloads (Pure)

    Abstract

    SCADA (Supervisory Control and Data Acquisition) systems are used for controlling and monitoring industrial processes. We propose a methodology to systematically identify potential process-related threats in SCADA. Process-related threats take place when an attacker gains user access rights and performs actions, which look legitimate, but which are intended to disrupt the SCADA process. To detect such threats, we propose a semi-automated approach of log processing. We conduct experiments on a real-life water treatment facility. A preliminary case study suggests that our approach is effective in detecting anomalous events that might alter the regular process workflow.

    Original language: English
    Pages (from-to): 231-251
    Number of pages: 10
    Journal: International journal of information security
    Volume: 11
    Issue number: 4
    DOIs: 10.1007/s10207-012-0163-8
    Publication status: Published - 2012

    Fingerprint

    Process monitoring
    Data acquisition
    SCADA systems
    Water treatment
    Monitoring
    Processing
    Experiments

    Keywords

    • DIES-Network Security
    • SCS-Cybersecurity
    • Pattern mining
    • Log analysis
    • Intrusion detection
    • SCADA
    • Security

    Cite this

    Hadziosmanovic, Dina ; Bolzoni, Damiano ; Hartel, Pieter. / A Log Mining Approach for Process Monitoring in SCADA. In: International journal of information security. 2012 ; Vol. 11, No. 4. pp. 231-251.
    @article{670c18e9d6364efbafc41b61d8957090,
    title = "A Log Mining Approach for Process Monitoring in SCADA",
    abstract = "SCADA (Supervisory Control and Data Acquisition) systems are used for controlling and monitoring industrial processes. We propose a methodology to systematically identify potential process-related threats in SCADA. Process-related threats take place when an attacker gains user access rights and performs actions, which look legitimate, but which are intended to disrupt the SCADA process. To detect such threats, we propose a semi-automated approach of log processing. We conduct experiments on a real-life water treatment facility. A preliminary case study suggests that our approach is effective in detecting anomalous events that might alter the regular process workflow.",
    keywords = "DIES-Network Security, SCS-Cybersecurity, Pattern mining, Log analysis, Intrusion detection, SCADA, Security",
    author = "Dina Hadziosmanovic and Damiano Bolzoni and Pieter Hartel",
    year = "2012",
    doi = "10.1007/s10207-012-0163-8",
    language = "English",
    volume = "11",
    pages = "231--251",
    journal = "International journal of information security",
    issn = "1615-5262",
    publisher = "Springer",
    number = "4",

    }
