Principle Components and Importance Ranking of Distributed Anomalies

SCADA (supervisory control and data acquisition) systems are used for controlling and monitoring industrial processes. We propose a methodology to systematically identify potential process-related threats in SCADA. Process-related threats take place when an attacker gains user access rights and performs actions, which look legitimate, but which are intended to disrupt the SCADA process. To detect such threats, we propose a semi-automated approach of log processing. We conduct experiments on a real-life water treatment facility. A preliminary case study suggests that our approach is effective in detecting anomalous events that might alter the regular process workflow.

show abstract

Section: Mitigation Approachmentioning

confidence: 99%

A log mining approach for process monitoring in SCADA

Hadžiosmanović

Bolzoni

Hartel

2012

Int. J. Inf. Secur.

View full text Add to dashboard Cite

show abstract

“…The basic idea of our approach is that a frequent behaviour, over an extended period of time, is likely to be normal because event messages that reflect normal system activity are usually frequent [20,74,108]. Similar to Burns et al [28], we found a large fraction of events that always appear with the same number of daily occurrences (e.g., timer-triggered event).…”

Section: Approachsupporting

confidence: 63%

Process matters: cyber security in industrial control systems

Hadžiosmanović¹

View full text Add to dashboard Cite

“…Even two nodes with the same degree but need not have similar characteristics [1] (for example, see Figure 1). There are other centrality metrics, such as eigenvector centrality, which can help distinguish between nodes A and B that have the same degree centrality.…”

Section: Degree Centralitymentioning

confidence: 99%

“…Let v i be the i th element of the vector v, representing the centrality measure of node i, where N (i) is the set of neighbors of node i and let A be the n × n adjacency matrix of the undirected network graph. Eigenvector centrality is defined using the following formulas [1]:…”

Section: Eigenvector Centralitymentioning

confidence: 99%

Localized Bridging Centrality for Distributed Network Analysis

Nanda

Kotz

2008

2008 Proceedings of 17th International Conference on Computer Communications and Networks

View full text Add to dashboard Cite

Centrality is a concept often used in social network analysis to study different properties of networks that are modeled as graphs. We present a new centrality metric called Localized Bridging Centrality (LBC). LBC is based on the Bridging Centrality (BC) metric that Hwang et al. recently introduced. Bridging nodes are nodes that are located in between highly connected regions. LBC is capable of identifying bridging nodes with an accuracy comparable to that of the BC metric for most networks. As the name suggests, we use only local information from surrounding nodes to compute the LBC metric, while, global knowledge is required to calculate the BC metric. The main difference between LBC and BC is that LBC uses the egocentric definition of betweenness centrality to identify bridging nodes, while BC uses the sociocentric definition of betweenness centrality. Thus, our LBC metric is suitable for distributed computation and has the benefit of being an order of magnitude faster to calculate in computational complexity. We compare the results produced by BC and LBC in three examples. We applied our LBC metric for network analysis of a real wireless mesh network. Our results indicate that the LBC metric is as powerful as the BC metric at identifying bridging nodes that have a higher flow of information through them (assuming a uniform distribution of network flows) and are important for the robustness of the network.

show abstract

Principle Components and Importance Ranking of Distributed Anomalies

Cited by 17 publications

References 15 publications

A log mining approach for process monitoring in SCADA

A log mining approach for process monitoring in SCADA

Process matters: cyber security in industrial control systems

Localized Bridging Centrality for Distributed Network Analysis

Contact Info

Product

Resources

About