Host-based Event Mining in SCADA systems
Project Number: 2010-0000066847
Project Manager: Prof. dr. Sandro Etalle
Faculty of Electrical Engineering, Mathematics and Computer Science
Project website: Hermes
Like other safety critical systems, SCADA systems produce logs that can be used to reconstruct what has happened at a given facility. These logs contain information that could be used for early detection of misuses or unsafe settings involuntarily introduced by operators. However, these logs are too large to be constantly monitored by humans: even a small installation can easily generate up to 10K events per day. Since harmful events are rare and human resources are scarce, these logs are analyzed only post-mortem, after a serious incident has been identified.
The goal of this project is to develop an automatic log analysis system that select potentially harmful sequence of events out of facility logs. The system should notify the supervisors when a potentially harmful event has taken place, allowing for early detection of incident. The main idea is to detect events that could (I) be anomalous because generated by an attacker or (II) result in an unsafe status/disruption of the system because of erroneous settings performed by operators.
Project duration: March 2010 - March 2014
Project budget: € 140.490
Number of person/years:
Project Coordinator: Security Matters (CTIT spin-off)
Participants: Security Matters, ABB, Waternet
Involved groups: Distributed and Embedded Security (DIES)