Skip to Main content Skip to Navigation
New interface
Conference papers

A Distributed Real-Time Event Correlation Architecture for SCADA Security

Abstract : Supervisory control and data acquisition (SCADA) systems require real-time threat monitoring and early warning systems to identify cyber attacks. Organizations typically employ intrusion detection systems to identify attack events and to provide situational awareness. However, as cyber attacks become more sophisticated, intrusion detection signatures of single events are no longer adequate. Indeed, effective intrusion detection solutions require the correlation of multiple events that are temporally and/or spatially separated. This paper proposes an innovative event correlation mechanism for cyber threat detection, which engages a semantic event hierarchy. Cyber attacks are specified via low-level events detected in the communications and computing infrastructure and correlated to identify attacks of a broader scope. The paper also describes a distributed architecture for real-time event capture, correlation and dissemination. The architecture employs a publish/subscribe mechanism, which decentralizes limited computing resources to distributed field agents in order to enhance real-time attack detection while limiting unnecessary communications overhead.
Document type :
Conference papers
Complete list of metadata

Cited literature [17 references]  Display  Hide  Download
Contributor : Hal Ifip Connect in order to contact the contributor
Submitted on : Monday, February 6, 2017 - 9:45:48 AM
Last modification on : Monday, February 6, 2017 - 9:49:06 AM
Long-term archiving on: : Sunday, May 7, 2017 - 12:31:03 PM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Yi Deng, Sandeep Shukla. A Distributed Real-Time Event Correlation Architecture for SCADA Security. 7th International Conference on Critical Infrastructure Protection (ICCIP), Mar 2013, Washington, DC, United States. pp.81-93, ⟨10.1007/978-3-642-45330-4_6⟩. ⟨hal-01456894⟩



Record views


Files downloads