Security Correlation Analysis System for Insider Threat Detection of Industrial Control System
Authors
Abstract
Security incidents are increasing in industrial infrastructure. Security problems in industrial control systems are caused not only by the deliberate acts of external attackers but also by the sometimes inadvertent threats posed by legitimate inside operators. The latter can ultimately have more devastating consequences. An industrial control system operates in a deterministic and restrictive manner. Anomalous communication patterns may be related to attack activities or to operator misconfiguration. To detect these threats in industrial control systems, we propose security data objects that describe the operation and state of the system, and a security correlation analysis system that collects and analyzes these objects and detects intrusions or anomalous system states. Our approach may provide a complementary detection capability for protecting industrial infrastructure against internal threats.
Similar resources
Toward an Insider Threat Detection Framework Using Honey Permissions
The insider threat remains one of the most serious challenges to computer security. An insider attack occurs when an authorized user misuses his privileges and causes damage to the organization. Deception techniques have served as a common solution to insider threat detection, and several techniques, such as approaches based on honey entities, have been proposed. On the other hand, access cont...
An Authorization Framework for Database Systems
Today, data plays an essential role in all levels of human life, from personal cell phones to medical, educational, military and government agencies. In such circumstances, the rate of cyber-attacks is also increasing. According to official reports, data breaches exposed 4.1 billion records in the first half of 2019. An information system consists of several components, which one of the most im...
Guest Editorial: Insider Threat Solutions - Moving from Concept to Reality
As society has embraced technology and systems to promote services, trade and ubiquitous communication, it has also inadvertently exposed itself to a plethora of security risks. One of the most significant of these risks is that of insider threat, where privileged insiders (be they employees or trusted third parties) within an enterprise intentionally or inadvertently cause harm to their organisat...
Detection and prediction of insider threats to cyber security: a systematic literature review and meta-analysis
Cyber security is vital to the success of today’s digital economy. The major security threats are coming from within, as opposed to outside forces. Insider threat detection and prediction are important mitigation techniques. This study addresses the following research questions: 1) What are the research trends in insider threat detection and prediction nowadays? 2) What are the challenges assoc...
Deep Learning for Unsupervised Insider Threat Detection in Structured Cybersecurity Data Streams
Analysis of an organization’s computer network activity is a key component of early detection and mitigation of insider threat, a growing concern for many organizations. Raw system logs are a prototypical example of streaming data that can quickly scale beyond the cognitive power of a human analyst. As a prospective filter for the human analyst, we present an online unsupervised deep learning a...