MEDUSA: Mining Events to Detect Undesirable uSer Actions in SCADA

D. Hadziosmanovic, D. Bolzoni, Pieter H. Hartel

    Research output: Chapter in Book/Report/Conference proceeding; Conference contribution; Academic; peer-review

    Abstract

    Standard approaches for detecting malicious behaviors, e.g. monitoring network traffic, cannot address process-related threats in SCADA (Supervisory Control And Data Acquisition) systems. These threats take place when an attacker gains user access rights and performs actions which look legitimate, but which can disrupt the industrial process. We believe that it is possible to detect such behavior by analysing SCADA system logs. We present MEDUSA, an anomaly-based tool for detecting user actions that may negatively impact the system.
    Original language: Undefined
    Title of host publication: Proceedings of the 13th International Symposium on Recent Advances in Intrusion Detection (RAID 2010)
    Editors: Somesh Jha, Robin Sommer, Christian Kreibich
    Place of Publication: Berlin
    Publisher: Springer
    Pages: 500-501
    Number of pages: 2
    ISBN (Print): 978-3-642-15511-6
    Publication status: Published - 15 Sept 2010
    Event: 13th International Symposium on Recent Advances in Intrusion Detection, RAID 2010 - Ottawa, Canada
    Duration: 15 Sept 2010 to 17 Sept 2010

    Publication series

    Name: Lecture Notes in Computer Science
    Publisher: Springer Verlag
    Volume: 6307
    ISSN (Print): 0302-9743
    ISSN (Electronic): 1611-3349

    Conference

    Conference: 13th International Symposium on Recent Advances in Intrusion Detection, RAID 2010
    Period: 15/09/10 to 17/09/10
    Other: 15-17 Sep 2010

    Keywords

    • METIS-276147
    • EWI-18806
    • SCS-Cybersecurity
    • IR-74581
