Threat-Intelligence-Machine-Learning-Approach-to-ICS-Security-

The growing network connectivity witnessed in Supervisory Control and Data Acquisition (SCADA) systems raises cyber security concerns for Industrial Control System (ICS) facilities. To sustain critical infrastructure objective principles such as confidentiality, integrity, and availability from security breaches or devastating cyberattacks, compelling, proactive, and continuous security monitoring is needed. In this study, we propose a process to build an intelligent backend and visual system to handle real time data analytics. For that we demonstrate the use of the Security Information and Event Management (SIEM) tool, Splunk, to aggregate operational intelligence including network, system, and user behavior data. Also, to transform collected raw data into Indicators of Compromise (IOC) added intelligence data, we demonstrate the use of open source threat intelligence platforms. Real time analytics is then applied to prepared intelligence test data using MATLAB. With the proof of concept tool, Tableau, we present ICS system visual solutions, which can support security personnel to make decisions, understand concepts, or foresee the network problems.