A Log Mining Approach for Process Monitoring in SCADA

Dina Hadziosmanovic, Damiano Bolzoni, Pieter Hartel

    Research output: Contribution to journalArticleAcademicpeer-review

    47 Citations (Scopus)
    264 Downloads (Pure)


    SCADA (Supervisory Control and Data Acquisition) systems are used for controlling and monitoring industrial processes. We propose a methodology to systematically identify potential process-related threats in SCADA. Process-related threats take place when an attacker gains user access rights and performs actions, which look legitimate, but which areintended to disrupt the SCADA process. To detect such threats, we propose a semi-automated approach of log processing. We conduct experiments on a real-life water treatment facility. A preliminary case study suggests that our approach is effective indetecting anomalous events that might alter the regular process workflow.
    Original languageEnglish
    Pages (from-to)231-251
    Number of pages10
    JournalInternational journal of information security
    Issue number4
    Publication statusPublished - 2012


    • DIES-Network Security
    • SCS-Cybersecurity
    • Pattern mining
    • Log analysis
    • Intrusion detection
    • SCADA
    • Security

    Fingerprint Dive into the research topics of 'A Log Mining Approach for Process Monitoring in SCADA'. Together they form a unique fingerprint.

    Cite this