Using anomalous event patterns in control systems for tamper detection

William Sousan, Robin Gandhi, Qiuming Zhu, William Mahoney

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

Abstract

Supervisory Control And Data Acquisition (SCADA) systems are used for geographically distributed process control by collecting sensory data that are processed by a central computer. These systems are used in critical domains such as nuclear power plants, public power grids, railway scheduling and ticketing, and others. The malfunctioning of these systems, e.g., if compromised, could cause severe equipment damage, loss of life, and possibly shutdown of facilities that affect an entire community. As a result, SCADA systems provide nefarious actors, both insiders and outsiders, with great temptation as possible attack targets. In this paper, we present our work for monitoring SCADA systems through the development of a technology that incrementally learns normal behaviors of the system and then continuously watches for the occurrence of abnormal behaviors. Our technology exploits the repeating patterns of normal behavior in SCADA system operation. We describe the system architecture, prototype implementation and results in this paper.

Original language: English (US)
Title of host publication: 7th Annual Cyber Security and Information Intelligence Research Workshop
Subtitle of host publication: Energy Infrastructure Cyber Protection, CSIIRW11
DOIs
State: Published - 2011
Event: 7th Annual Cyber Security and Information Intelligence Research Workshop: Energy Infrastructure Cyber Protection, CSIIRW11 - Oak Ridge, TN, United States
Duration: Oct 12 2011 - Oct 14 2011

Publication series

Name: ACM International Conference Proceeding Series

Conference

Conference: 7th Annual Cyber Security and Information Intelligence Research Workshop: Energy Infrastructure Cyber Protection, CSIIRW11
Country/Territory: United States
City: Oak Ridge, TN
Period: 10/12/11 - 10/14/11

Keywords

  • Event Player
  • SCADA Event Taxonomy
  • SCADA Systems
  • Snap-Shot learning

ASJC Scopus subject areas

  • Software
  • Human-Computer Interaction
  • Computer Vision and Pattern Recognition
  • Computer Networks and Communications
