
Improving SIEM for Critical SCADA Water Infrastructures Using Machine Learning


Abstract

Network Control Systems (NAC) have been used in many industrial processes. They aim to reduce the human factor burden and efficiently handle the complex process and communication of those systems. Supervisory control and data acquisition (SCADA) systems are used in industrial, infrastructure and facility processes (e.g. manufacturing, fabrication, oil and water pipelines, building ventilation, etc.). Like other Internet of Things (IoT) implementations, SCADA systems are vulnerable to cyber-attacks; therefore, robust anomaly detection is a major requirement. However, having an accurate anomaly detection system is not an easy task, due to the difficulty of differentiating between cyber-attacks and system internal failures (e.g. hardware failures). In this paper, we present a model that detects anomaly events in a water system controlled by SCADA. Six Machine Learning techniques have been used in building and evaluating the model. The model classifies different anomaly events including hardware failures (e.g. sensor failures), sabotage and cyber-attacks (e.g. DoS and Spoofing). Unlike other detection systems, our proposed work helps in accelerating the mitigation process by notifying the operator with additional information when an anomaly occurs. This additional information includes the probability and confidence level of event(s) occurring. The model is trained and tested using a real-world dataset.

Bibliographic details

  • Source
    Computer security | 2018 | 3-19 | 17 pages total
  • Conference location: Barcelona (ES)
  • Author affiliations

    Division of Cyber Security, Abertay University, Dundee, Scotland, UK;

    Naval Academy Research Institute, Brest, France;

    Division of Cyber Security, Abertay University, Dundee, Scotland, UK;

    Department of Computer Science, Middlesex University, Flic-en-Flac, Mauritius;

    Division of Cyber Security, Abertay University, Dundee, Scotland, UK;

  • Conference organizer
  • Original format: PDF
  • Text language: eng
  • Chinese Library Classification
  • Keywords

    Cyber-physical systems; Machine learning; SCADA; SIEM;
