Abstract
SCADA (supervisory control and data acquisition) systems are used for controlling and monitoring industrial processes. We propose a methodology to systematically identify potential process-related threats in SCADA. Process-related threats take place when an attacker gains user access rights and performs actions that look legitimate but are intended to disrupt the SCADA process. To detect such threats, we propose a semi-automated approach to log processing. We conduct experiments on a real-life water treatment facility. A preliminary case study suggests that our approach is effective in detecting anomalous events that might alter the regular process workflow.
Highlights
SCADA systems can be found in critical infrastructures such as power plants and power grid systems, water, oil and gas distribution systems, building monitoring, production systems for food, cars, ships and other products.
– we propose an approach to detect process-related threats and build a tool to automate the analysis of SCADA logs, which can be used to monitor the industrial process
– we were provided with only 2 weeks of system logs
– we cannot claim that these 2 weeks represent a complete set of behaviours that occur in the facility through a year
– water-related systems are considered slow processes, so we can afford to run the analysis with a delay
Summary
SCADA systems can be found in critical infrastructures such as power plants and power grid systems, water, oil and gas distribution systems, building monitoring (e.g., airports, railway stations), production systems for food, cars, ships and other products. An attacker can first subvert the access control mechanism to gain control over an engineering workstation. This action would use a system-related threat (e.g., exploiting an OS vulnerability). Focus groups consist of process engineers who are aware of the semantic implications of specific actions, but typically cannot provide useful information for automatic extraction of log entries. This is because engineers do not perform extensive analysis of system outputs and are not experts in data mining. We propose an approach to detect process-related threats and build a tool to automate the analysis of SCADA logs, which can be used to monitor the industrial process.