Show simple item record

dc.contributor.author: Myers, D
dc.contributor.author: Radke, K
dc.contributor.author: Suriadi, S
dc.contributor.author: Foo, E
dc.date.accessioned: 2020-03-25T01:16:09Z
dc.date.available: 2020-03-25T01:16:09Z
dc.date.issued: 2017
dc.identifier.isbn: 9783319584683
dc.identifier.issn: 1868-4238
dc.identifier.doi: 10.1007/978-3-319-58469-0_5
dc.identifier.uri: http://hdl.handle.net/10072/392606
dc.description.abstract: Industrial Control Systems (ICSs) are moving from dedicated communications to Ethernet-based interconnected networks, placing them at risk of cyber attack. ICS networks are typically monitored by an Intrusion Detection System (IDS), however traditional IDSs do not detect attacks which disrupt the control flow of an ICS. ICSs are unique in the repetition and restricted number of tasks that are undertaken. Thus there is the opportunity to use Process Mining, a series of techniques focused on discovering, monitoring and improving business processes, to detect ICS control flow anomalies. In this paper we investigate the suitability of various process mining discovery algorithms for the task of detecting cyber attacks on ICSs by examining logs from control devices. Firstly, we identify the requirements of this unique environment, and then evaluate the appropriateness of several commonly used process discovery algorithms to satisfy these requirements. Secondly, the comparison was performed and validated using ICS logs derived from a case study, containing successful attacks on industrial control systems. Our research shows that the Inductive Miner process discovery method, without the use of noise filtering, is the most suitable for discovering a process model that is effective in detecting cyber-attacks on industrial control systems, both in time spent and accuracy.
dc.description.peerreviewed: Yes
dc.publisher: Springer
dc.relation.ispartofconferencename: 32nd International Conference on ICT Systems Security and Privacy Protection (IFIP SEC 2017)
dc.relation.ispartofconferencetitle: ICT Systems Security and Privacy Protection
dc.relation.ispartofdatefrom: 2017-05-29
dc.relation.ispartofdateto: 2017-05-31
dc.relation.ispartoflocation: Rome, Italy
dc.relation.ispartofpagefrom: 61
dc.relation.ispartofpageto: 75
dc.relation.ispartofseries: IFIP Advances in Information and Communication Technology
dc.relation.ispartofvolume: 502
dc.subject.fieldofresearch: Artificial Intelligence and Image Processing
dc.subject.fieldofresearch: Computer System Security
dc.subject.fieldofresearch: Information Systems
dc.subject.fieldofresearchcode: 0801
dc.subject.fieldofresearchcode: 080303
dc.subject.fieldofresearchcode: 0806
dc.title: Process discovery for industrial control system cyber attack detection
dc.type: Conference output
dc.type.description: E1 - Conferences
dcterms.bibliographicCitation: Myers, D; Radke, K; Suriadi, S; Foo, E, Process discovery for industrial control system cyber attack detection, ICT Systems Security and Privacy Protection, 2017, 502, pp. 61-75
dc.date.updated: 2020-03-25T01:10:49Z
dc.description.version: Accepted Manuscript (AM)
gro.rights.copyright: © IFIP International Federation for Information Processing 2017. This is the author-manuscript version of this paper. Reproduced in accordance with the copyright policy of the publisher. Please refer to the conference's website for access to the definitive, published version.
gro.hasfulltext: Full Text
gro.griffith.author: Foo, Ernest


This item appears in the following Collection(s)

  • Conference outputs
    Contains papers delivered by Griffith authors at national and international conferences.
