Improving SIEM for critical SCADA water infrastructures using machine learning

Hanan Hindy*, David Brosset, Ethan Bayne, Amar Seeam, Xavier Bellekens

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contribution

19 Citations (Scopus)
333 Downloads (Pure)


Network Control Systems (NAC) have been used in many industrial processes. They aim to reduce the human factor burden and efficiently handle the complex process and communication of those systems. Supervisory control and data acquisition (SCADA) systems are used in industrial, infrastructure and facility processes (e.g. manufacturing, fabrication, oil and water pipelines, building ventilation, etc.) Like other Internet of Things (IoT) implementations, SCADA systems are vulnerable to cyber-attacks, therefore, a robust anomaly detection is a major requirement. However, having an accurate anomaly detection system is not an easy task, due to the difficulty to differentiate between cyber-attacks and system internal failures (e.g. hardware failures). In this paper, we present a model that detects anomaly events in a water system controlled by SCADA. Six Machine Learning techniques have been used in building and evaluating the model. The model classifies different anomaly events including hardware failures (e.g. sensor failures), sabotage and cyber-attacks (e.g. DoS and Spoofing). Unlike other detection systems, our proposed work helps in accelerating the mitigation process by notifying the operator with additional information when an anomaly occurs. This additional information includes the probability and confidence level of event(s) occurring. The model is trained and tested using a real-world dataset.
Original languageEnglish
Title of host publicationComputer security
Subtitle of host publicationESORICS 2018 International Workshops, CyberICPS 2018 and SECPRE 2018, Barcelona, Spain, September 6–7, 2018, revised selected papers
EditorsSokratis K. Katsikas, Frédéric Cuppens, Nora Cuppens, Costas Lambrinoudakis, Annie Antón, Stefanos Gritzalis, John Mylopoulos, Christos Kalloniatis
Number of pages17
ISBN (Electronic)9783030127862
ISBN (Print)9783030127855
Publication statusPublished - 25 Mar 2019
EventInternational Workshop on the Security of Industrial Control Systems and Cyber-Physical Systems - Barcelona, Spain
Duration: 6 Sept 20187 Sept 2018

Publication series

NameLecture Notes in Computer Science
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


ConferenceInternational Workshop on the Security of Industrial Control Systems and Cyber-Physical Systems
Abbreviated titleCyberICPS 2018
Internet address


  • Cyber-physical systems
  • Machine learning
  • SIEM


Dive into the research topics of 'Improving SIEM for critical SCADA water infrastructures using machine learning'. Together they form a unique fingerprint.

Cite this