MATEC Web Conf.
Volume 173, 20182018 International Conference on Smart Materials, Intelligent Manufacturing and Automation (SMIMA 2018)
|Number of page(s)||9|
|Section||Digital Signal and Image Processing|
|Published online||19 June 2018|
Inside the Closed World: User and Device Profile Analytics for SCADA Security
State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, 100195 E-park C1 Norh, No. 80 Xingshikou Road, Haidian District, Beijing, China
2 School of Cyber Security, University of Chinese Academy of Sciences, 100049 No.19(A) Yuquan Road, Shijingshan District, Beijing, P.R.China
* Corresponding author: email@example.com
Attacks that use sophisticated and complex methods in-creased recently, aiming to infiltrate the Supervisory Control and Data Acquisition (SCADA) system and stay undetected. Therefore, attackers often get access to authorized permissions of SCADA and bring catastrophic damages by sending ‘legitimate’ control commands. Furthermore, insiders may also misuse or abuse their permissions to damage SCADA system, which is difficult to predict and protect against them. Most existing security systems employ standard signature-based or anomaly-based approaches, which are not able to identify this type of malicious activities. In this paper, we use machine learning algorithms based on Singular Values Decomposition (SVD) to create profiles of users and devices. The major contribution of this paper is providing a general process to detect anomalies, independent of specific use-cases. Suspicious actions are altered to analysts with relevant contextual information for further investigation and action. We provide detailed description of algorithms, methodology, processing of profiling and anomaly detection. Having profiles of different users and devices can provide us a baseline of normal behavior to compare against unusual behaviors. To demonstrate the proposed method, attack scenarios have been simulated at a Compressed Natural Gas (CNG) system in our lab. Experimental results illustrate that the proposed method is effective for abnormal behaviors in SCADA system.
© The Authors, published by EDP Sciences, 2018
This is an Open Access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/4.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
Current usage metrics show cumulative count of Article Views (full-text article views including HTML views, PDF and ePub downloads, according to the available data) and Abstracts Views on Vision4Press platform.
Data correspond to usage on the plateform after 2015. The current usage metrics is available 48-96 hours after online publication and is updated daily on week days.
Initial download of the metrics may take a while.