CTIT University of Twente

Hermes (Ministry of Interior)

Host-based Event Mining in SCADA systems

Project Number: 2010-0000066847

Project Manager: Prof. dr. Sandro Etalle

Faculty of Electrical Engineering, Mathematics and Computer Science

Tel.: +31-53-4891195

Email: sandro.etalle@utwente.nl

Project website: Hermes


Like other safety-critical systems, SCADA systems produce logs that can be used to reconstruct what has happened at a given facility. These logs contain information that could be used for early detection of misuse or of unsafe settings involuntarily introduced by operators. However, these logs are too large to be constantly monitored by humans: even a small installation can easily generate up to 10K events per day. Since harmful events are rare and human resources are scarce, these logs are analyzed only post-mortem, after a serious incident has been identified.

The goal of this project is to develop an automatic log analysis system that selects potentially harmful sequences of events out of facility logs. The system should notify the supervisors when a potentially harmful event has taken place, allowing for early detection of incidents. The main idea is to detect events that could (I) be anomalous because they were generated by an attacker or (II) result in an unsafe status or disruption of the system because of erroneous settings made by operators.

Project duration: March 2010 - March 2014

Project budget: € 140.490

Number of person/years:

Project Coordinator: Security Matters (CTIT spin-off)

Participants: Security Matters, ABB, Waternet

Involved groups: Distributed and Embedded Security (DIES)