Contextual Intrusion Alerts for SCADA Networks

Abdullah Salim Ali Al Balushi, Kieran McLaughlin, Sakir Sezer

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

The complexity of modern SCADA networks and their associated cyber-attacks requires an expressive but flexible manner for representing both domain knowledge and collected intrusion alerts with the ability to integrate them for enhanced analytical capabilities and better understanding of attacks. This paper proposes an ontology-based approach for contextualized intrusion alerts in SCADA networks. In this approach, three security ontologies were developed to represent and store information on intrusion alerts, Modbus communications, and Modbus attack descriptions. This information is correlated into enriched intrusion alerts using simple ontology logic rules written in Semantic Query-Enhanced Web Rules (SQWRL). The contextualized alerts give analysts the means to better understand evolving attacks and to uncover the semantic relationships between sequences of individual attack events. The proposed system is illustrated by two use case scenarios.
Original languageEnglish
Title of host publicationProceedings of the 2nd International Conference on Information Systems Security and Privacy
Pages457-464
Number of pages8
ISBN (Electronic)978-989-758-167-0
DOIs
Publication statusPublished - 21 Feb 2016
Event2nd International Conference on Information Systems Security and Privacy - Barceló Aran Mantegna Hotel, Rome, Italy
Duration: 19 Jan 201621 Feb 2016

Conference

Conference2nd International Conference on Information Systems Security and Privacy
Country/TerritoryItaly
CityRome
Period19/01/201621/02/2016

Fingerprint

Dive into the research topics of 'Contextual Intrusion Alerts for SCADA Networks'. Together they form a unique fingerprint.

Cite this