Title: Security Correlation Analysis System for Insider Threat Detection of Industrial Control System

Year of Publication: Dec - 2014
Page Numbers: 49-53
Authors: Young-jun Heo, Seon-gyoung Sohn, Jung-chan Na and Beom-hwan Chang
Conference Name: The International Conference in Information Security and Digital Forensics (ISDF2014) - Greece


Security incidents are increasing in industrial infrastructure. Security problems in industrial control systems are caused not only by deliberate acts of external attackers but also, sometimes, by inadvertent threats from legitimate internal operators. The latter can ultimately have more devastating consequences. Industrial control systems operate in a deterministic and restricted manner. Anomalous communication patterns may be related to attack activities or to operator misconfiguration. To detect these threats in industrial control systems, we propose security data objects that describe the operation and state of the system, and a security correlation analysis system that collects and analyzes these objects and detects intrusions or anomalous system states. Our approach may provide a complementary detection capability for protecting industrial infrastructure against internal threats.