Hadiosmanovic et al., 2011 - Google Patents
MELISSA: Towards automated detection of undesirable user actions in critical infrastructures
Hadiosmanovic et al., 2011
- Document ID
- 478319640720201376
- Author
- Hadiosmanovic D
- Bolzoni D
- Hartel P
- Etalle S
- Publication year
- Publication venue
- 2011 Seventh European Conference on Computer Network Defense
Snippet
We address the detection of process-related threats in control systems used in critical infrastructures. Process-related threats take place when an attacker gains user access rights and performs actions, which look legitimate, but which are intended to disrupt the industrial …
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Error detection; Error correction; Monitoring responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/0703—Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance or administration or management of packet switching networks
- H04L41/06—Arrangements for maintenance or administration or management of packet switching networks involving management of faults or events or alarms
- H04L41/0654—Network fault recovery
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Hadžiosmanović et al. | | A log mining approach for process monitoring in SCADA |
Asghar et al. | | Cybersecurity in industrial control systems: Issues, technologies, and challenges |
AU2021254601B2 (en) | | Method and device for managing security in a computer network |
Hadiosmanovic et al. | | MELISSA: Towards automated detection of undesirable user actions in critical infrastructures |
Stergiopoulos et al. | | Cyber-attacks on the oil & gas sector: A survey on incident assessment and attack patterns |
Yang et al. | | Anomaly-based intrusion detection for SCADA systems |
Trivedi et al. | | Dependability and security models |
CN104283889B (en) | | APT attack detectings and early warning system inside electric system based on the network architecture |
Garitano et al. | | A review of SCADA anomaly detection systems |
US10547634B2 (en) | | Non-intrusive digital agent for behavioral monitoring of cybersecurity-related events in an industrial control system |
Hadziosmanovic et al. | | Challenges and opportunities in securing industrial control systems |
Mohammad | | A multi-tiered defense model for the security analysis of critical facilities in smart cities |
Nasr et al. | | Alarm based anomaly detection of insider attacks in SCADA system |
CN116861419B (en) | | Active defending log alarming method on SSR |
KR20180130630A (en) | | Vulnerability diagnosing and managing system and method of information system using automatic diagnosis tool |
Bernsmed et al. | | Forewarned is forearmed: indicators for evaluating information security incident management |
Kholidy | | State compression and quantitative assessment model for assessing security risks in the oil and gas transmission systems |
Kamal et al. | | Identifying and scoring vulnerability in scada environments |
Wain et al. | | Towards a distributed runtime monitor for ICS/SCADA systems |
Liu et al. | | Framework of probabilistic risk assessment for security and reliability |
Smidts et al. | | Next-generation architecture and autonomous cyber-defense |
Hadziosmanovic et al. | | Towards Securing SCADA Systems Against Process-Related Threats |
Hadžiosmanović | | The process matters: cyber security in industrial control systems |
Khand | | Attack tree based cyber security analysis of nuclear digital instrumentation and control systems |
Henderson et al. | | Value modeling for enterprise resilience |