TY - GEN
T1 - Using anomalous event patterns in control systems for tamper detection
AU - Sousan, William
AU - Gandhi, Robin
AU - Zhu, Qiuming
AU - Mahoney, William
PY - 2011
Y1 - 2011
N2 - Supervisory Control And Data Acquisition (SCADA) systems are used for geographically distributed process control by collecting sensory data that are processed by a central computer. These systems are used in critical domains such as nuclear power plants, public power grids, railway scheduling and ticketing, and others. The malfunctioning of these systems, e.g., if compromised, could cause severe equipment damage, loss of life, and possibly shutdown of facilities that affect an entire community. As a result, SCADA systems provide nefarious actors, both insiders and outsiders, with great temptation as possible attack targets. In this paper, we present our work for monitoring SCADA systems through the development of a technology that incrementally learns normal behaviors of the system and then continuously watches for the occurrence of abnormal behaviors. Our technology exploits the repeating patterns of normal behavior in SCADA system operation. We describe the system architecture, prototype implementation and results in this paper.
AB - Supervisory Control And Data Acquisition (SCADA) systems are used for geographically distributed process control by collecting sensory data that are processed by a central computer. These systems are used in critical domains such as nuclear power plants, public power grids, railway scheduling and ticketing, and others. The malfunctioning of these systems, e.g., if compromised, could cause severe equipment damage, loss of life, and possibly shutdown of facilities that affect an entire community. As a result, SCADA systems provide nefarious actors, both insiders and outsiders, with great temptation as possible attack targets. In this paper, we present our work for monitoring SCADA systems through the development of a technology that incrementally learns normal behaviors of the system and then continuously watches for the occurrence of abnormal behaviors. Our technology exploits the repeating patterns of normal behavior in SCADA system operation. We describe the system architecture, prototype implementation and results in this paper.
KW - Event Player
KW - SCADA Event Taxonomy
KW - SCADA Systems
KW - Snap-Shot learning
UR - http://www.scopus.com/inward/record.url?scp=84862869090&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84862869090&partnerID=8YFLogxK
U2 - 10.1145/2179298.2179326
DO - 10.1145/2179298.2179326
M3 - Conference contribution
AN - SCOPUS:84862869090
SN - 9781450309455
T3 - ACM International Conference Proceeding Series
BT - 7th Annual Cyber Security and Information Intelligence Research Workshop
T2 - 7th Annual Cyber Security and Information Intelligence Research Workshop: Energy Infrastructure Cyber Protection, CSIIRW11
Y2 - 12 October 2011 through 14 October 2011
ER -