MEDUSA: Mining Events to Detect Undesirable uSer Actions in SCADA

D. Hadziosmanovic, D. Bolzoni, Pieter H. Hartel

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

1 Citation (Scopus)

Abstract

Standard approaches for detecting malicious behaviors, e.g. monitoring network traffic, cannot address process-related threats in SCADA (Supervisory Control And Data Acquisition) systems. These threats take place when an attacker gains user access rights and performs actions which look legitimate, but which can disrupt the industrial process. We believe that it is possible to detect such behavior by analysing SCADA system logs. We present MEDUSA, an anomaly-based tool for detecting user actions that may negatively impact the system.

Original language: Undefined
Title of host publication: Proceedings of the 13th International Symposium on Recent Advances in Intrusion Detection (RAID 2010)
Editors: Somesh Jha, Robin Sommer, Christian Kreibich
Place of Publication: Berlin
Publisher: Springer
Pages: 500-501
Number of pages: 2
ISBN (Print): 978-3-642-15511-6
DOIs: https://doi.org/10.1007/978-3-642-15512-3_33
Publication status: Published - 15 Sep 2010

Publication series

Name: Lecture Notes in Computer Science
Publisher: Springer Verlag
Volume: 6307
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Keywords

  • METIS-276147
  • EWI-18806
  • SCS-Cybersecurity
  • IR-74581

Cite this

Hadziosmanovic, D., Bolzoni, D., & Hartel, P. H. (2010). MEDUSA: Mining Events to Detect Undesirable uSer Actions in SCADA. In S. Jha, R. Sommer, & C. Kreibich (Eds.), Proceedings of the 13th International Symposium on Recent Advances in Intrusion Detection (RAID 2010) (pp. 500-501). (Lecture Notes in Computer Science; Vol. 6307). Berlin: Springer. https://doi.org/10.1007/978-3-642-15512-3_33