Improving SIEM for critical SCADA water infrastructures using machine learning

Hanan Hindy, David Brosset, Ethan Bayne, Amar Seeam, Xavier Bellekens

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution


Abstract

Network Control Systems (NAC) have been used in many industrial processes. They aim to reduce the burden on human operators and to handle the complex processes and communication of those systems efficiently. Supervisory control and data acquisition (SCADA) systems are used in industrial, infrastructure and facility processes (e.g. manufacturing, fabrication, oil and water pipelines, building ventilation, etc.). Like other Internet of Things (IoT) implementations, SCADA systems are vulnerable to cyber-attacks; therefore, robust anomaly detection is a major requirement. However, building an accurate anomaly detection system is not an easy task, due to the difficulty of differentiating between cyber-attacks and internal system failures (e.g. hardware failures). In this paper, we present a model that detects anomalous events in a water system controlled by SCADA. Six machine learning techniques were used in building and evaluating the model. The model classifies different anomalous events, including hardware failures (e.g. sensor failures), sabotage and cyber-attacks (e.g. DoS and spoofing). Unlike other detection systems, our proposed work helps to accelerate the mitigation process by notifying the operator with additional information when an anomaly occurs. This additional information includes the probability and confidence level of the event(s) occurring. The model is trained and tested using a real-world dataset.
Original language: English
Title of host publication: Computer security
Subtitle of host publication: ESORICS 2018 International Workshops, CyberICPS 2018 and SECPRE 2018, Barcelona, Spain, September 6–7, 2018, revised selected papers
Editors: Sokratis K. Katsikas, Frédéric Cuppens, Nora Cuppens, Costas Lambrinoudakis, Annie Antón, Stefanos Gritzalis, John Mylopoulos, Christos Kalloniatis
Publisher: Springer
Pages: 3-19
Number of pages: 17
ISBN (Electronic): 9783030127862
ISBN (Print): 9783030127855
DOIs: https://doi.org/10.1007/978-3-030-12786-2
Publication status: Published - 25 Mar 2019
Event: International Workshop on the Security of Industrial Control Systems and Cyber-Physical Systems - Barcelona, Spain
Duration: 6 Sep 2018 to 7 Sep 2018
https://www.ds.unipi.gr/cybericps2018/

Publication series

Name: Lecture Notes in Computer Science
Publisher: Springer
Volume: 11387
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: International Workshop on the Security of Industrial Control Systems and Cyber-Physical Systems
Abbreviated title: CyberICPS 2018
Country: Spain
City: Barcelona
Period: 6/09/18 to 7/09/18
Internet address: https://www.ds.unipi.gr/cybericps2018/

Fingerprint

Learning systems
Data acquisition
SCADA systems
Water
Water pipelines
Hardware
Human engineering
Ventilation
Control systems
Fabrication
Communication
Sensors

Cite this

Hindy, H., Brosset, D., Bayne, E., Seeam, A., & Bellekens, X. (2019). Improving SIEM for critical SCADA water infrastructures using machine learning. In S. K. Katsikas, F. Cuppens, N. Cuppens, C. Lambrinoudakis, A. Antón, S. Gritzalis, J. Mylopoulos, ... C. Kalloniatis (Eds.), Computer security: ESORICS 2018 International Workshops, CyberICPS 2018 and SECPRE 2018, Barcelona, Spain, September 6–7, 2018, revised selected papers (pp. 3-19). (Lecture Notes in Computer Science; Vol. 11387). Springer. https://doi.org/10.1007/978-3-030-12786-2
Hindy, Hanan ; Brosset, David ; Bayne, Ethan ; Seeam, Amar ; Bellekens, Xavier. / Improving SIEM for critical SCADA water infrastructures using machine learning. Computer security: ESORICS 2018 International Workshops, CyberICPS 2018 and SECPRE 2018, Barcelona, Spain, September 6–7, 2018, revised selected papers. editor / Sokratis K. Katsikas ; Frédéric Cuppens ; Nora Cuppens ; Costas Lambrinoudakis ; Annie Antón ; Stefanos Gritzalis ; John Mylopoulos ; Christos Kalloniatis. Springer, 2019. pp. 3-19 (Lecture Notes in Computer Science).
@inproceedings{d8fc66528cec4682908b6d0822ed5cf9,
title = "Improving SIEM for critical SCADA water infrastructures using machine learning",
abstract = "Network Control Systems (NAC) have been used in many industrial processes. They aim to reduce the human factor burden and efficiently handle the complex process and communication of those systems. Supervisory control and data acquisition (SCADA) systems are used in industrial, infrastructure and facility processes (e.g. manufacturing, fabrication, oil and water pipelines, building ventilation, etc.) Like other Internet of Things (IoT) implementations, SCADA systems are vulnerable to cyber-attacks, therefore, a robust anomaly detection is a major requirement. However, having an accurate anomaly detection system is not an easy task, due to the difficulty to differentiate between cyber-attacks and system internal failures (e.g. hardware failures). In this paper, we present a model that detects anomaly events in a water system controlled by SCADA. Six Machine Learning techniques have been used in building and evaluating the model. The model classifies different anomaly events including hardware failures (e.g. sensor failures), sabotage and cyber-attacks (e.g. DoS and Spoofing). Unlike other detection systems, our proposed work helps in accelerating the mitigation process by notifying the operator with additional information when an anomaly occurs. This additional information includes the probability and confidence level of event(s) occurring. The model is trained and tested using a real-world dataset.",
author = "Hanan Hindy and David Brosset and Ethan Bayne and Amar Seeam and Xavier Bellekens",
year = "2019",
month = "3",
day = "25",
doi = "10.1007/978-3-030-12786-2",
language = "English",
isbn = "9783030127855",
series = "Lecture Notes in Computer Science",
publisher = "Springer",
pages = "3--19",
editor = "Katsikas, {Sokratis K.} and Cuppens, {Fr{\'e}d{\'e}ric} and Nora Cuppens and Costas Lambrinoudakis and Annie Ant{\'o}n and Stefanos Gritzalis and John Mylopoulos and Christos Kalloniatis",
booktitle = "Computer security",
}

Hindy, H, Brosset, D, Bayne, E, Seeam, A & Bellekens, X 2019, Improving SIEM for critical SCADA water infrastructures using machine learning. in SK Katsikas, F Cuppens, N Cuppens, C Lambrinoudakis, A Antón, S Gritzalis, J Mylopoulos & C Kalloniatis (eds), Computer security: ESORICS 2018 International Workshops, CyberICPS 2018 and SECPRE 2018, Barcelona, Spain, September 6–7, 2018, revised selected papers. Lecture Notes in Computer Science, vol. 11387, Springer, pp. 3-19, International Workshop on the Security of Industrial Control Systems and Cyber-Physical Systems, Barcelona, Spain, 6/09/18. https://doi.org/10.1007/978-3-030-12786-2

Improving SIEM for critical SCADA water infrastructures using machine learning. / Hindy, Hanan; Brosset, David ; Bayne, Ethan; Seeam, Amar; Bellekens, Xavier.

Computer security: ESORICS 2018 International Workshops, CyberICPS 2018 and SECPRE 2018, Barcelona, Spain, September 6–7, 2018, revised selected papers. ed. / Sokratis K. Katsikas; Frédéric Cuppens; Nora Cuppens; Costas Lambrinoudakis; Annie Antón; Stefanos Gritzalis; John Mylopoulos; Christos Kalloniatis. Springer, 2019. p. 3-19 (Lecture Notes in Computer Science; Vol. 11387).

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution

TY  - GEN
T1  - Improving SIEM for critical SCADA water infrastructures using machine learning
AU  - Hindy, Hanan
AU  - Brosset, David
AU  - Bayne, Ethan
AU  - Seeam, Amar
AU  - Bellekens, Xavier
PY  - 2019/3/25
Y1  - 2019/3/25
N2  - Network Control Systems (NAC) have been used in many industrial processes. They aim to reduce the human factor burden and efficiently handle the complex process and communication of those systems. Supervisory control and data acquisition (SCADA) systems are used in industrial, infrastructure and facility processes (e.g. manufacturing, fabrication, oil and water pipelines, building ventilation, etc.) Like other Internet of Things (IoT) implementations, SCADA systems are vulnerable to cyber-attacks, therefore, a robust anomaly detection is a major requirement. However, having an accurate anomaly detection system is not an easy task, due to the difficulty to differentiate between cyber-attacks and system internal failures (e.g. hardware failures). In this paper, we present a model that detects anomaly events in a water system controlled by SCADA. Six Machine Learning techniques have been used in building and evaluating the model. The model classifies different anomaly events including hardware failures (e.g. sensor failures), sabotage and cyber-attacks (e.g. DoS and Spoofing). Unlike other detection systems, our proposed work helps in accelerating the mitigation process by notifying the operator with additional information when an anomaly occurs. This additional information includes the probability and confidence level of event(s) occurring. The model is trained and tested using a real-world dataset.
AB  - Network Control Systems (NAC) have been used in many industrial processes. They aim to reduce the human factor burden and efficiently handle the complex process and communication of those systems. Supervisory control and data acquisition (SCADA) systems are used in industrial, infrastructure and facility processes (e.g. manufacturing, fabrication, oil and water pipelines, building ventilation, etc.) Like other Internet of Things (IoT) implementations, SCADA systems are vulnerable to cyber-attacks, therefore, a robust anomaly detection is a major requirement. However, having an accurate anomaly detection system is not an easy task, due to the difficulty to differentiate between cyber-attacks and system internal failures (e.g. hardware failures). In this paper, we present a model that detects anomaly events in a water system controlled by SCADA. Six Machine Learning techniques have been used in building and evaluating the model. The model classifies different anomaly events including hardware failures (e.g. sensor failures), sabotage and cyber-attacks (e.g. DoS and Spoofing). Unlike other detection systems, our proposed work helps in accelerating the mitigation process by notifying the operator with additional information when an anomaly occurs. This additional information includes the probability and confidence level of event(s) occurring. The model is trained and tested using a real-world dataset.
U2  - 10.1007/978-3-030-12786-2
DO  - 10.1007/978-3-030-12786-2
M3  - Conference contribution
SN  - 9783030127855
T3  - Lecture Notes in Computer Science
SP  - 3
EP  - 19
BT  - Computer security
A2  - Katsikas, Sokratis K.
A2  - Cuppens, Frédéric
A2  - Cuppens, Nora
A2  - Lambrinoudakis, Costas
A2  - Antón, Annie
A2  - Gritzalis, Stefanos
A2  - Mylopoulos, John
A2  - Kalloniatis, Christos
PB  - Springer
ER  - 

Hindy H, Brosset D, Bayne E, Seeam A, Bellekens X. Improving SIEM for critical SCADA water infrastructures using machine learning. In Katsikas SK, Cuppens F, Cuppens N, Lambrinoudakis C, Antón A, Gritzalis S, Mylopoulos J, Kalloniatis C, editors, Computer security: ESORICS 2018 International Workshops, CyberICPS 2018 and SECPRE 2018, Barcelona, Spain, September 6–7, 2018, revised selected papers. Springer. 2019. p. 3-19. (Lecture Notes in Computer Science). https://doi.org/10.1007/978-3-030-12786-2