Process Discovery for Industrial Control System Cyber Attack Detection

Abstract: Industrial Control Systems (ICSs) are moving from dedicated communications to Ethernet-based interconnected networks, placing them at risk of cyber attack. ICS networks are typically monitored by an Intrusion Detection System (IDS); however, traditional IDSs do not detect attacks which disrupt the control flow of an ICS. ICSs are unique in the repetition and restricted number of tasks that are undertaken. Thus there is the opportunity to use Process Mining, a series of techniques focused on discovering, monitoring and improving business processes, to detect ICS control flow anomalies. In this paper we investigate the suitability of various process mining discovery algorithms for the task of detecting cyber attacks on ICSs by examining logs from control devices. Firstly, we identify the requirements of this unique environment, and then evaluate the appropriateness of several commonly used process discovery algorithms to satisfy these requirements. Secondly, the comparison was performed and validated using ICS logs derived from a case study, containing successful attacks on industrial control systems. Our research shows that the Inductive Miner process discovery method, without the use of noise filtering, is the most suitable for discovering a process model that is effective in detecting cyber attacks on industrial control systems, both in time spent and accuracy.
Document type:
Conference paper
Sabrina De Capitani di Vimercati; Fabio Martinelli. 32th IFIP International Conference on ICT Systems Security and Privacy Protection (SEC), May 2017, Rome, Italy. Springer International Publishing, IFIP Advances in Information and Communication Technology, AICT-502, pp.61-75, 2017, ICT Systems Security and Privacy Protection. 〈10.1007/978-3-319-58469-0_5〉
Cited literature [17 references]

https://hal.inria.fr/hal-01649023
Contributor: Hal Ifip
Submitted on: Monday, November 27, 2017 - 10:32:36
Last modified on: Monday, November 27, 2017 - 10:33:58

File

Restricted access
File visible on: 2020-01-01

License

Distributed under a Creative Commons Attribution 4.0 International License

Citation

David Myers, Kenneth Radke, Suriadi Suriadi, Ernest Foo. Process Discovery for Industrial Control System Cyber Attack Detection. Sabrina De Capitani di Vimercati; Fabio Martinelli. 32th IFIP International Conference on ICT Systems Security and Privacy Protection (SEC), May 2017, Rome, Italy. Springer International Publishing, IFIP Advances in Information and Communication Technology, AICT-502, pp.61-75, 2017, ICT Systems Security and Privacy Protection. 〈10.1007/978-3-319-58469-0_5〉. 〈hal-01649023〉

Metrics

Record views

92