Year-end Sale % OFF 
Abstract
In this paper we present a intrusion detection module capable of detecting malicious network traffic in a SCADA (Supervisory Control and Data Acquisition) system. Malicious data in a SCADA system disrupt its correct functioning and tamper with its normal operation. OCSVM (One-Class Support Vector Machine) is an intrusion detection mechanism that does not need any labeled data for training or any information about the kind of anomaly is expecting for the detection process. This feature makes it ideal for processing SCADA environment data and automate SCADA performance monitoring. The OCSVM module developed is trained by network traces off line and detect anomalies in the system real time. In order to decrease the overhead induced by communicated alarms we propose a new detection mechanism that is based on the combination of OCSVM with a recursive k-means clustering procedure. The proposed intrusion detection module K??OCSVMis capable to distinguish severe alarms from possible attacks regardless of the values of parameters and , making it ideal for real-time intrusion detection mechanisms for SCADA systems. The most severe alarms are then communicated with the use of IDMEF files to an IDSIDS (Intrusion Detection System) system that is developed under CockpitCI project. Alarm messages carry information about the source of the incident, the time of the intrusion and a classification of the alarm.
Highlights
Cyber-physical systems are becoming vital to modernizing the national critical infrastructure systems
Cyber-attacks against SCADA systems [14] are considered extremely dangerous for Critical Infrastructure (CI) operation and must be addressed in a specific way [15], [16]
Since OCSVM does not require any signatures of data to build the detection model it is well suited for intrusion detection in SCADA environment
Summary
Cyber-physical systems are becoming vital to modernizing the national critical infrastructure systems. In real applications though, during abnormal situations, the behavior of the system cannot be predicted and does not follow any known pattern or rule This characteristic makes rule based algorithms incapable of detecting the intrusion. Anomaly detection can be regarded as binary classification problem and many classification algorithms which are utilized for detecting anomalies, such as neural networks, support vector machines, K-nearest neighbour (KNN) and Hidden Markov model can be used Strictly speaking, they are not intrusion detection algorithms, as they require knowing what kind of anomaly is expecting, which deviates the fundamental object of intrusion detection. Negative selection only works for a standard sequence, which is not suitable for online detection Other algorithms, such as time series analysis are introduced to anomaly detections, and again, they may not be suitable for most of the real application cases. Several extensions of OCSVM method have been introduced lately [6]–[8]
Sign-in/Register to view highlights & summary 
Published Version (
Free)
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callMore From: International Journal of Advanced Research in Artificial Intelligence
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
