We address the detection of process-related threats in control systems used in critical infrastructures. Process-related threats take place when an attacker gains user access rights and performs actions, which look legitimate, but which are intended to disrupt the industrial process. We use logs to detect anomalous patterns of user actions on process control application. A preliminary case study suggests that our approach is effective in detecting anomalous events that might alter the regular process workflow.
|Title of host publication||Proceedings of the European Conference on Computer Network Defense (EC2ND, Gothenburg, Sweden, September 6-7, 2011)|
|Publisher||IEEE Computer Society|
|Publication status||Published - 2011|