Improving SIEM for critical SCADA water infrastructures using machine learning

Hanan Hindy, David Brosset, Ethan Bayne, Amar Seeam, Xavier Bellekens

Research output: Chapter in Book/Report/Conference proceedingConference contribution book

2 Citations (Scopus)
2 Downloads (Pure)

Abstract

Network Control Systems (NAC) have been used in many industrial processes. They aim to reduce the human factor burden and efficiently handle the complex process and communication of those systems. Supervisory control and data acquisition (SCADA) systems are used in industrial, infrastructure and facility processes (e.g. manufacturing, fabrication, oil and water pipelines, building ventilation, etc.) Like other Internet of Things (IoT) implementations, SCADA systems are vulnerable to cyber-attacks, therefore, a robust anomaly detection is a major requirement. However, having an accurate anomaly detection system is not an easy task, due to the difficulty to differentiate between cyber-attacks and system internal failures (e.g. hardware failures). In this paper, we present a model that detects anomaly events in a water system controlled by SCADA. Six Machine Learning techniques have been used in building and evaluating the model. The model classifies different anomaly events including hardware failures (e.g. sensor failures), sabotage and cyber-attacks (e.g. DoS and Spoofing). Unlike other detection systems, our proposed work helps in accelerating the mitigation process by notifying the operator with additional information when an anomaly occurs. This additional information includes the probability and confidence level of event(s) occurring. The model is trained and tested using a real-world dataset.

Original languageEnglish
Title of host publicationComputer Security
Subtitle of host publicationESORICS 2018 International Workshops, CyberICPS 2018 and SECPRE 2018, Revised Selected Papers
EditorsSokratis K. Katsikas, Frédéric Cuppens, Nora Cuppens, Costas Lambrinoudakis, Annie Antón, Stefanos Gritzalis, John Mylopoulos, Christos Kalloniatis
Place of PublicationCham
PublisherSpringer-Verlag
Pages3-19
Number of pages17
ISBN (Print)9783030127855
DOIs
Publication statusPublished - 25 Mar 2019
Event4th International Workshop on the Security of Industrial Control Systems and Cyber-Physical Systems, CyberICPS 2018 and 2nd International Workshop on Security and Privacy Requirements Engineering, SECPRE 2018 held in conjunction with 23rd European Symposium on Research in Computer Security, ESORICS 2018 - Barcelona, Spain
Duration: 6 Sep 20187 Sep 2018

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume11387 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference4th International Workshop on the Security of Industrial Control Systems and Cyber-Physical Systems, CyberICPS 2018 and 2nd International Workshop on Security and Privacy Requirements Engineering, SECPRE 2018 held in conjunction with 23rd European Symposium on Research in Computer Security, ESORICS 2018
CountrySpain
CityBarcelona
Period6/09/187/09/18

    Fingerprint

Keywords

  • cyber-physical systems
  • machine learning
  • SCADA
  • SIEM

Cite this

Hindy, H., Brosset, D., Bayne, E., Seeam, A., & Bellekens, X. (2019). Improving SIEM for critical SCADA water infrastructures using machine learning. In S. K. Katsikas, F. Cuppens, N. Cuppens, C. Lambrinoudakis, A. Antón, S. Gritzalis, J. Mylopoulos, ... C. Kalloniatis (Eds.), Computer Security: ESORICS 2018 International Workshops, CyberICPS 2018 and SECPRE 2018, Revised Selected Papers (pp. 3-19). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11387 LNCS). Cham: Springer-Verlag. https://doi.org/10.1007/978-3-030-12786-2_1