Title: Behaviour analysis techniques for supporting critical infrastructure security

Authors: William Hurst; Madjid Merabti; Paul Fergus

Addresses: PROTECT: Research Centre for Critical Infrastructure Computer Technology and Protection, School of Computing and Mathematical Sciences, Liverpool John Moores University, Byrom Street, Liverpool, L3 3AF, UK ' PROTECT: Research Centre for Critical Infrastructure Computer Technology and Protection, School of Computing and Mathematical Sciences, Liverpool John Moores University, Byrom Street, Liverpool, L3 3AF, UK ' PROTECT: Research Centre for Critical Infrastructure Computer Technology and Protection, School of Computing and Mathematical Sciences, Liverpool John Moores University, Byrom Street, Liverpool, L3 3AF, UK

Abstract: Protecting critical infrastructures from cyber-threats in an increasingly digital age is a matter of growing urgency for governments and private industries across the globe. In a climate where cyber safety is an uncertainty, fresh and adaptive solutions to existing computer security approaches are a must. In this paper, we present our approach to supporting critical infrastructure security. Data is constructed from a critical infrastructure simulation, developed using Siemens Tecnomatix Plant Simulator and the programming language SimTalk. The data collected from the simulation, when both functioning as normal and during a cyber-attack scenario, is done through the use of observers. By extracting features from the data collected, threats to the system are identified by modelling system behaviour and identifying changes in patterns of activity by using three data classification techniques.

Keywords: critical infrastructures; cyber attacks; data classification; behavioural observation; simulation; behaviour analysis; critical infrastructure security; infrastructure protection; feature extraction; infrastructure threats; modelling; activity patterns.

DOI: 10.1504/IJCIS.2014.066358

International Journal of Critical Infrastructures, 2014 Vol.10 No.3/4, pp.267 - 287

Available online: 17 Dec 2014 *

Full-text access for editors Access for subscribers Purchase this article Comment on this article