An improved industrial control system device logs processing method for process-based anomaly detection

File version

Accepted Manuscript (AM)

Author(s)
Hussain, M
Foo, E
Suriadi, S
Date
2019
Location

Islamabad, Pakistan

Abstract

Detecting process-based attacks on industrial control systems (ICS) is challenging. These cyber-attacks are designed to disrupt the industrial process by changing the state of a system, while keeping the system's behaviour close to the expected behaviour. Such anomalous behaviour can be effectively detected by an event-driven approach. Petri Net (PN) model identification has proved to be an effective method for event-driven system analysis and anomaly detection. However, PN identification-based anomaly detection methods require ICS device logs to be converted into event logs (sequence of events). Therefore, in this paper we present a formalised method for pre-processing and transforming ICS device logs into event logs. The proposed approach outperforms the previous methods of device logs processing in terms of anomaly detection. We have demonstrated the results using two published datasets.

Conference Title

Proceedings - 2019 International Conference on Frontiers of Information Technology, FIT 2019

Rights Statement

© 2019 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

Subject

Cybersecurity and privacy not elsewhere classified

Citation

Hussain, M; Foo, E; Suriadi, S, An improved industrial control system device logs processing method for process-based anomaly detection, Proceedings - 2019 International Conference on Frontiers of Information Technology, FIT 2019, 2019, pp. 150-155