International Journal of Information Security

, Volume 11, Issue 4, pp 231–251

A log mining approach for process monitoring in SCADA


    • University of Twente
  • Damiano Bolzoni
    • University of Twente
  • Pieter H. Hartel
    • University of Twente

DOI: 10.1007/s10207-012-0163-8


SCADA (supervisory control and data acquisition) systems are used for controlling and monitoring industrial processes. We propose a methodology to systematically identify potential process-related threats in SCADA. Process-related threats take place when an attacker gains user access rights and performs actions, which look legitimate, but which are intended to disrupt the SCADA process. To detect such threats, we propose a semi-automated approach of log processing. We conduct experiments on a real-life water treatment facility. A preliminary case study suggests that our approach is effective in detecting anomalous events that might alter the regular process workflow.


ICS SCADA Security SCADA log Log analysis Frequent pattern mining Process related threat HAZOP PHEA MELISSA

Open Access

This article is distributed under the terms of the Creative Commons Attribution License which permits any use, distribution, and reproduction in any medium, provided the original author(s) and the source are credited.

Copyright information

© The Author(s) 2012