Improving SIEM for critical SCADA water infrastructures using machine learning
Conference paper
Hindy, H., Brosset, D., Bayne, E., Seeam, A. and Bellekens, X. 2019. Improving SIEM for critical SCADA water infrastructures using machine learning. Katsikas, S., Cuppens, F., Cuppens, N., Lambrinoudakis, C., Antón, A., Gritzalis, S., Mylopoulos, J. and Kalloniatis, C. (ed.) Fourth Workshop on Security of Industrial Control Systems and Cyber-Physical Systems (CyberICPS 2018). Barcelona, Spain 06 - 07 Sep 2018 Springer. https://doi.org/10.1007/978-3-030-12786-2_1
Type | Conference paper |
---|---|
Title | Improving SIEM for critical SCADA water infrastructures using machine learning |
Authors | Hindy, H., Brosset, D., Bayne, E., Seeam, A. and Bellekens, X. |
Abstract | Network Control Systems (NAC) have been used in many industrial processes. They aim to reduce the human factor burden and efficiently handle the complex process and communication of those systems. Supervisory control and data acquisition (SCADA) systems are used in industrial, infrastructure and facility processes (e.g. manufacturing, fabrication, oil and water pipelines, building ventilation, etc.). Like other Internet of Things (IoT) implementations, SCADA systems are vulnerable to cyber-attacks; therefore, a robust anomaly detection is a major requirement. However, having an accurate anomaly detection system is not an easy task, due to the difficulty to differentiate between cyber-attacks and system internal failures (e.g. hardware failures). In this paper, we present a model that detects anomaly events in a water system controlled by SCADA. Six Machine Learning techniques have been used in building and evaluating the model. The model classifies different anomaly events including hardware failures (e.g. sensor failures), sabotage and cyber-attacks (e.g. DoS and Spoofing). Unlike other detection systems, our proposed work helps in accelerating the mitigation process by notifying the operator with additional information when an anomaly occurs. This additional information includes the probability and confidence level of event(s) occurring. The model is trained and tested using a real-world dataset. |
Middlesex University Theme | Creativity, Culture & Enterprise |
Conference | Fourth Workshop on Security of Industrial Control Systems and Cyber-Physical Systems (CyberICPS 2018) |
Proceedings Title | SECPRE 2018, CyberICPS 2018: Computer Security |
Series | Lecture Notes in Computer Science |
Editors | Katsikas, S., Cuppens, F., Cuppens, N., Lambrinoudakis, C., Antón, A., Gritzalis, S., Mylopoulos, J. and Kalloniatis, C. |
ISSN | 0302-9743 |
Electronic | 1611-3349 |
ISBN | |
Hardcover | 9783030127855 |
Electronic | 9783030127862 |
Publisher | Springer |
Publication dates | |
Online | 31 Jan 2019 |
Publication process dates | |
Deposited | 03 Oct 2022 |
Accepted | 01 Jan 2019 |
Output status | Published |
Digital Object Identifier (DOI) | https://doi.org/10.1007/978-3-030-12786-2_1 |
Language | English |
https://repository.mdx.ac.uk/item/8q028