Dina Hadziosmanovic, D. Bolzoni, P. Hartel, S. Etalle
2011 Seventh European Conference on Computer Network Defense, published 2011-09-06
DOI: 10.1109/EC2ND.2011.10 (https://doi.org/10.1109/EC2ND.2011.10)
MELISSA: Towards Automated Detection of Undesirable User Actions in Critical Infrastructures
We address the detection of process-related threats in control systems used in critical infrastructures. Process-related threats take place when an attacker gains user access rights and performs actions that look legitimate but are intended to disrupt the industrial process. We use logs to detect anomalous patterns of user actions on process control applications. A preliminary case study suggests that our approach is effective in detecting anomalous events that might alter the regular process workflow.