An approach to detect malicious activities in SCADA systems

T. C. Pramod, N. Sunitha
Published in: 2013 Fourth International Conference on Computing, Communications and Networking Technologies (ICCCNT)
Publication date: 2013-07-04
DOI: 10.1109/ICCCNT.2013.6726619 (https://doi.org/10.1109/ICCCNT.2013.6726619)
Citations: 9

Abstract

Supervisory Control and Data Acquisition (SCADA) systems are an emerging application for industrial automation. They are widely used in critical infrastructure for monitoring and controlling activities. The collaborative environment and interconnectivity of a SCADA system require communication and transmission of sensed real-time data, such as the status of machines and breaks and leakages in the system, across various devices in the industrial plant. Such real-time data provokes security breaches against SCADA systems and results in compromise of availability, integrity, confidentiality and the trust relationship between the devices of SCADA systems. As the number of deliberate cyber attacks on these systems is increasing, providing a scheme to identify malicious activities and defend against the attacks, and thereby create a secure environment for SCADA systems, is an essential task. By considering the constraints and efficiency requirements of such networks, we propose a scheme that uses a Log to identify some malicious activities through continuous monitoring. In the Log, we have prioritized only some parameters that help us detect some vulnerable activities, and at the node level, through cooperative monitoring, the nodes themselves take care of some attacks. In this new approach, Log analysis for the identification of malicious activities is performed using a cluster-based architecture. This work also considers the constraints of the SCADA system, thereby providing an elegant identification of malicious activities for the current SCADA system.