3 research outputs found

    Improving SIEM for critical SCADA water infrastructures using machine learning

    Network Control Systems (NAC) have been used in many industrial processes. They aim to reduce the burden of the human factor and to handle efficiently the complex processes and communication of those systems. Supervisory control and data acquisition (SCADA) systems are used in industrial, infrastructure and facility processes (e.g. manufacturing, fabrication, oil and water pipelines, building ventilation, etc.). Like other Internet of Things (IoT) implementations, SCADA systems are vulnerable to cyber-attacks; therefore, robust anomaly detection is a major requirement. However, building an accurate anomaly detection system is not an easy task, because of the difficulty of differentiating between cyber-attacks and internal system failures (e.g. hardware failures). In this paper, we present a model that detects anomalous events in a water system controlled by SCADA. Six machine learning techniques have been used in building and evaluating the model. The model classifies different anomalous events, including hardware failures (e.g. sensor failures), sabotage and cyber-attacks (e.g. DoS and spoofing). Unlike other detection systems, our proposed work helps to accelerate the mitigation process by notifying the operator with additional information when an anomaly occurs. This additional information includes the probability and confidence level of the event(s) occurring. The model is trained and tested using a real-world dataset.

    Improving SIEM for critical SCADA water infrastructures using machine learning

    Network Control Systems (NAC) have been used in many industrial processes. They aim to reduce the burden of the human factor and to handle efficiently the complex processes and communication of those systems. Supervisory control and data acquisition (SCADA) systems are used in industrial, infrastructure and facility processes (e.g. manufacturing, fabrication, oil and water pipelines, building ventilation, etc.). Like other Internet of Things (IoT) implementations, SCADA systems are vulnerable to cyber-attacks; therefore, robust anomaly detection is a major requirement. However, building an accurate anomaly detection system is not an easy task, because of the difficulty of differentiating between cyber-attacks and internal system failures (e.g. hardware failures). In this paper, we present a model that detects anomalous events in a water system controlled by SCADA. Six machine learning techniques have been used in building and evaluating the model. The model classifies different anomalous events, including hardware failures (e.g. sensor failures), sabotage and cyber-attacks (e.g. DoS and spoofing). Unlike other detection systems, our proposed work focuses on notifying the operator when an anomaly occurs, together with the probability of the event occurring. This additional information helps to accelerate the mitigation process. The model is trained and tested using a real-world dataset. Document type: Part of book or chapter of book

    Development of a firewall with a low-cost architecture for monitoring and control systems in industrial networks.

    Development of an embedded firewall for low-cost SCADA systems on a Raspberry architecture, oriented towards packet scanning in industrial networks using open-architecture hardware and software. A walkthrough of the methodology required for the correct implementation and validation of a vulnerability detection tool, demonstrating its functionality in this kind of industrial environment, with a focus on critical infrastructures. The document presents both the implementation and the configuration and adaptation of hardware and software needed to achieve the stated objective for a firewall, including the proper management of scarce resources, which may be relevant in the field of information security.