MELISSA: Towards automated detection of undesirable user actions in critical infrastructures

D. Hadziosmanovic; D. Bolzoni; P.H. Hartel; S. Etalle

doi:10.1109/EC2ND.2011.10

MELISSA: Towards automated detection of undesirable user actions in critical infrastructures

D. Hadziosmanovic, D. Bolzoni, P.H. Hartel, S. Etalle

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

14 Citations (Scopus)

222 Downloads (Pure)

Abstract

We address the detection of process-related threats in control systems used in critical infrastructures. Process-related threats take place when an attacker gains user access rights and performs actions, which look legitimate, but which are intended to disrupt the industrial process. We use logs to detect anomalous patterns of user actions on process control application. A preliminary case study suggests that our approach is effective in detecting anomalous events that might alter the regular process workflow.

Original language	English
Title of host publication	Proceedings of the European Conference on Computer Network Defense (EC2ND, Gothenburg, Sweden, September 6-7, 2011)
Publisher	IEEE Computer Society
Pages	41-48
ISBN (Print)	978-1-4673-2116-7
DOIs	https://doi.org/10.1109/EC2ND.2011.10
Publication status	Published - 2011

Access to Document

10.1109/EC2ND.2011.10

publishers versionFinal published version, 6.42 MB

Cite this

@inproceedings{18aa3a228c184fd9856fa89023732761,

title = "MELISSA: Towards automated detection of undesirable user actions in critical infrastructures",

abstract = "We address the detection of process-related threats in control systems used in critical infrastructures. Process-related threats take place when an attacker gains user access rights and performs actions, which look legitimate, but which are intended to disrupt the industrial process. We use logs to detect anomalous patterns of user actions on process control application. A preliminary case study suggests that our approach is effective in detecting anomalous events that might alter the regular process workflow.",

author = "D. Hadziosmanovic and D. Bolzoni and P.H. Hartel and S. Etalle",

year = "2011",

doi = "10.1109/EC2ND.2011.10",

language = "English",

isbn = "978-1-4673-2116-7",

pages = "41--48",

booktitle = "Proceedings of the European Conference on Computer Network Defense (EC2ND, Gothenburg, Sweden, September 6-7, 2011)",

publisher = "IEEE Computer Society",

address = "United States",

}

MELISSA: Towards automated detection of undesirable user actions in critical infrastructures. / Hadziosmanovic, D.; Bolzoni, D.; Hartel, P.H. et al.
Proceedings of the European Conference on Computer Network Defense (EC2ND, Gothenburg, Sweden, September 6-7, 2011). IEEE Computer Society, 2011. p. 41-48.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - MELISSA: Towards automated detection of undesirable user actions in critical infrastructures

AU - Hadziosmanovic, D.

AU - Bolzoni, D.

AU - Hartel, P.H.

AU - Etalle, S.

PY - 2011

Y1 - 2011

N2 - We address the detection of process-related threats in control systems used in critical infrastructures. Process-related threats take place when an attacker gains user access rights and performs actions, which look legitimate, but which are intended to disrupt the industrial process. We use logs to detect anomalous patterns of user actions on process control application. A preliminary case study suggests that our approach is effective in detecting anomalous events that might alter the regular process workflow.

AB - We address the detection of process-related threats in control systems used in critical infrastructures. Process-related threats take place when an attacker gains user access rights and performs actions, which look legitimate, but which are intended to disrupt the industrial process. We use logs to detect anomalous patterns of user actions on process control application. A preliminary case study suggests that our approach is effective in detecting anomalous events that might alter the regular process workflow.

U2 - 10.1109/EC2ND.2011.10

DO - 10.1109/EC2ND.2011.10

M3 - Conference contribution

SN - 978-1-4673-2116-7

SP - 41

EP - 48

BT - Proceedings of the European Conference on Computer Network Defense (EC2ND, Gothenburg, Sweden, September 6-7, 2011)

PB - IEEE Computer Society

ER -

MELISSA: Towards automated detection of undesirable user actions in critical infrastructures

Abstract

Access to Document

Fingerprint

Cite this