Abstract
Standard approaches for detecting malicious behaviors, e.g. monitoring network traffic, cannot address process-related threats in SCADA (Supervisory Control And Data Acquisition) systems. These threats take place when an attacker gains user access rights and performs actions which look legitimate, but which can disrupt the industrial process. We believe that it is possible to detect such behavior by analysing SCADA system logs. We present MEDUSA, an anomaly-based tool for detecting user actions that may negatively impact the system.
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Hadžiosmanović, D., Bolzoni, D., Hartel, P. (2010). MEDUSA: Mining Events to Detect Undesirable uSer Actions in SCADA. In: Jha, S., Sommer, R., Kreibich, C. (eds) Recent Advances in Intrusion Detection. RAID 2010. Lecture Notes in Computer Science, vol 6307. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-15512-3_33
DOI: https://doi.org/10.1007/978-3-642-15512-3_33
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-15511-6
Online ISBN: 978-3-642-15512-3
eBook Packages: Computer Science (R0)