CAPTAR: Causal-polytree-based anomaly reasoning for SCADA networks

Wenyu Ren, Tuo Yu, Timothy Yardley, Klara Nahrstedt

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

The Supervisory Control and Data Acquisition (SCADA) system is the most commonly used industrial control system but is subject to a wide range of serious threats. Intrusion detection systems are deployed to promote the security of SCADA systems, but they continuously generate tremendous number of alerts without further comprehending them. There is a need for an efficient system to correlate alerts and discover attack strategies to provide explainable situational awareness to SCADA operators. In this paper, we present a causal-polytree-based anomaly reasoning framework for SCADA networks, named CAPTAR. CAPTAR takes the meta-alerts from our previous anomaly detection framework EDMAND, correlates the them using a naive Bayes classifier, and matches them to predefined causal polytrees. Utilizing Bayesian inference on the causal polytrees, CAPTAR can produces a high-level view of the security state of the protected SCADA network. Experiments on a prototype of CAPTAR proves its anomaly reasoning ability and its capabilities of satisfying the real-time reasoning requirement.

Original languageEnglish (US)
Title of host publication2019 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids, SmartGridComm 2019
PublisherInstitute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)9781538680995
DOIs
StatePublished - Oct 2019
Event2019 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids, SmartGridComm 2019 - Beijing, China
Duration: Oct 21 2019Oct 23 2019

Publication series

Name2019 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids, SmartGridComm 2019

Conference

Conference2019 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids, SmartGridComm 2019
CountryChina
CityBeijing
Period10/21/1910/23/19

    Fingerprint

Keywords

  • Anomaly reasoning
  • Causal analysis
  • SCADA
  • Smart Grid

ASJC Scopus subject areas

  • Artificial Intelligence
  • Computer Networks and Communications
  • Energy Engineering and Power Technology
  • Electrical and Electronic Engineering
  • Safety, Risk, Reliability and Quality
  • Control and Optimization
  • Transportation

Cite this

Ren, W., Yu, T., Yardley, T., & Nahrstedt, K. (2019). CAPTAR: Causal-polytree-based anomaly reasoning for SCADA networks. In 2019 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids, SmartGridComm 2019 [8909766] (2019 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids, SmartGridComm 2019). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/SmartGridComm.2019.8909766