• DocumentCode
    580249
  • Title

    MELISSA: Towards Automated Detection of Undesirable User Actions in Critical Infrastructures

  • Author

    Hadžiosmanović, D. ; Bolzoni, Damiano ; Hartel, Pieter ; Etalle, Sandro

  • Author_Institution
    Univ. of Twente, Enschede, Netherlands
  • fYear
    2011
  • fDate
    6-7 Sept. 2011
  • Firstpage
    41
  • Lastpage
    48
  • Abstract
    We address the detection of process-related threats in control systems used in critical infrastructures. Process-related threats take place when an attacker gains user access rights and performs actions that look legitimate but are intended to disrupt the industrial process. We use logs to detect anomalous patterns of user actions on the process control application. A preliminary case study suggests that our approach is effective in detecting anomalous events that might alter the regular process workflow.
  • Keywords
    SCADA systems; authorisation; critical infrastructures; data mining; process control; ICS logs; MELISSA; automatic undesirable user action detection; critical infrastructures; industrial process control system; legitimate actions; mining event logs for intrusion in SCADA systems; process workflow; process-related threat detection; user access rights; user action anomalous pattern detection; Context; Data mining; Itemsets; Process control; Protocols; SCADA systems; Security; SCADA; critical infrastructure; industrial control system; log analysis; user behaviour;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Computer Network Defense (EC2ND), 2011 Seventh European Conference on
  • Conference_Location
    Gothenburg
  • Print_ISBN
    978-1-4673-2116-7
  • Type

    conf

  • DOI
    10.1109/EC2ND.2011.10
  • Filename
    6377737