dc.contributor.author | Rahman, A | |
dc.contributor.author | Xu, Y | |
dc.contributor.author | Radke, K | |
dc.contributor.author | Foo, E | |
dc.date.accessioned | 2020-03-25T01:31:43Z | |
dc.date.available | 2020-03-25T01:31:43Z | |
dc.date.issued | 2016 | |
dc.identifier.isbn | 9783319462974 | |
dc.identifier.issn | 0302-9743 | |
dc.identifier.doi | 10.1007/978-3-319-46298-1_32 | |
dc.identifier.uri | http://hdl.handle.net/10072/392609 | |
dc.description.abstract | Pattern mining is a branch of data mining used to discover hidden patterns or correlations among data. We use rare sequential pattern mining to find anomalies in critical infrastructure control networks such as supervisory control and data acquisition (SCADA) networks. As anomalous events occur rarely in a system and SCADA systems’ topology and actions do not change often, we argue that some anomalies can be detected using rare sequential pattern mining. This anomaly detection would be useful for intrusion detection or erroneous behaviour of a system. Although research into rare itemset mining previously exists, neither research into rare sequential pattern mining nor its applicability to SCADA system anomaly detection has previously been completed. Moreover, since there is no consideration of the events’ order, the applicability to intrusion detection in SCADA is minimal. By ensuring the events’ order is maintained, in this paper, we propose a novel Rare Sequential Pattern Mining (RSPM) technique which is a useful anomaly detection system for SCADA. We compared our algorithm with a rare itemset mining algorithm and found anomalous events in SCADA logs. | |
dc.description.peerreviewed | Yes | |
dc.publisher | Springer International Publishing | |
dc.relation.ispartofconferencename | 10th International Conference on Network and System Security (NSS 2016) | |
dc.relation.ispartofconferencetitle | Network and System Security | |
dc.relation.ispartofdatefrom | 2016-09-28 | |
dc.relation.ispartofdateto | 2016-09-30 | |
dc.relation.ispartoflocation | Taipei, Taiwan | |
dc.relation.ispartofpagefrom | 499 | |
dc.relation.ispartofpageto | 506 | |
dc.relation.ispartofseries | Lecture Notes in Computer Science | |
dc.relation.ispartofvolume | 9955 | |
dc.subject.fieldofresearch | Pattern recognition | |
dc.subject.fieldofresearch | Data mining and knowledge discovery | |
dc.subject.fieldofresearchcode | 460308 | |
dc.subject.fieldofresearchcode | 460502 | |
dc.title | Finding anomalies in SCADA logs using rare sequential pattern mining | |
dc.type | Conference output | |
dc.type.description | E1 - Conferences | |
dcterms.bibliographicCitation | Rahman, A; Xu, Y; Radke, K; Foo, E, Finding anomalies in SCADA logs using rare sequential pattern mining, Network and System Security, 2016, 9955, pp. 499-506 | |
dc.date.updated | 2020-03-25T01:25:05Z | |
dc.description.version | Accepted Manuscript (AM) | |
gro.rights.copyright | © Springer International Publishing AG 2016. This is the author-manuscript version of this paper. Reproduced in accordance with the copyright policy of the publisher. The original publication is available at www.springerlink.com | |
gro.hasfulltext | Full Text | |
gro.griffith.author | Foo, Ernest | |