Detecting cyber attacks on industrial control systems using process mining

Industrial control systems conduct processes that are core to our lives, from the generation, transmission, and distribution of power to the treatment and supply of water. These industrial control systems are moving from dedicated, serial-based communications to switched and routed corporate networks to facilitate the monitoring and management of industrial processes. However, this connection to corporate networks can expose industrial control systems to the Internet, placing them at risk of cyber-attack. In this study, we develop and evaluate a process-mining-based anomaly detection system to generate process models of, and detect cyber-attacks on, industrial control system processes and devices.