TY - GEN
T1 - Improving SIEM for critical SCADA water infrastructures using machine learning
AU - Hindy, Hanan
AU - Brosset, David
AU - Bayne, Ethan
AU - Seeam, Amar
AU - Bellekens, Xavier
PY - 2019/3/25
Y1 - 2019/3/25
N2 - Network Control Systems (NAC) have been used in many industrial processes. They aim to reduce the human factor burden and efficiently handle the complex process and communication of those systems. Supervisory control and data acquisition (SCADA) systems are used in industrial, infrastructure and facility processes (e.g. manufacturing, fabrication, oil and water pipelines, building ventilation, etc.). Like other Internet of Things (IoT) implementations, SCADA systems are vulnerable to cyber-attacks; therefore, robust anomaly detection is a major requirement. However, building an accurate anomaly detection system is not an easy task, due to the difficulty of differentiating between cyber-attacks and internal system failures (e.g. hardware failures). In this paper, we present a model that detects anomalous events in a water system controlled by SCADA. Six machine learning techniques have been used in building and evaluating the model. The model classifies different anomalous events, including hardware failures (e.g. sensor failures), sabotage and cyber-attacks (e.g. DoS and spoofing). Unlike other detection systems, our proposed work helps accelerate the mitigation process by notifying the operator with additional information when an anomaly occurs. This additional information includes the probability and confidence level of the event(s) occurring. The model is trained and tested using a real-world dataset.
AB - Network Control Systems (NAC) have been used in many industrial processes. They aim to reduce the human factor burden and efficiently handle the complex process and communication of those systems. Supervisory control and data acquisition (SCADA) systems are used in industrial, infrastructure and facility processes (e.g. manufacturing, fabrication, oil and water pipelines, building ventilation, etc.). Like other Internet of Things (IoT) implementations, SCADA systems are vulnerable to cyber-attacks; therefore, robust anomaly detection is a major requirement. However, building an accurate anomaly detection system is not an easy task, due to the difficulty of differentiating between cyber-attacks and internal system failures (e.g. hardware failures). In this paper, we present a model that detects anomalous events in a water system controlled by SCADA. Six machine learning techniques have been used in building and evaluating the model. The model classifies different anomalous events, including hardware failures (e.g. sensor failures), sabotage and cyber-attacks (e.g. DoS and spoofing). Unlike other detection systems, our proposed work helps accelerate the mitigation process by notifying the operator with additional information when an anomaly occurs. This additional information includes the probability and confidence level of the event(s) occurring. The model is trained and tested using a real-world dataset.
KW - cyber-physical systems
KW - machine learning
KW - SCADA
KW - SIEM
UR - http://www.scopus.com/inward/record.url?scp=85061373640&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-12786-2_1
DO - 10.1007/978-3-030-12786-2_1
M3 - Conference contribution book
AN - SCOPUS:85061373640
SN - 9783030127855
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 3
EP - 19
BT - Computer Security
A2 - Katsikas, Sokratis K.
A2 - Cuppens, Frédéric
A2 - Cuppens, Nora
A2 - Lambrinoudakis, Costas
A2 - Antón, Annie
A2 - Gritzalis, Stefanos
A2 - Mylopoulos, John
A2 - Kalloniatis, Christos
PB - Springer-Verlag
CY - Cham
T2 - 4th International Workshop on the Security of Industrial Control Systems and Cyber-Physical Systems, CyberICPS 2018 and 2nd International Workshop on Security and Privacy Requirements Engineering, SECPRE 2018 held in conjunction with 23rd European Symposium on Research in Computer Security, ESORICS 2018
Y2 - 6 September 2018 through 7 September 2018
ER -