Intrusion Detection of SCADA System Using Machine Learning Techniques

Abstract

The integration of network of different sensors, actuators, and processing system of Internet of Things (IoT) with industrial control system (ICS) helps industries in optimizing logistics and supply chain to production flow monitoring, and ensuring better quality control and safety. Supervisory control and data acquisition (SCADA), or the core of the ICS, is however, susceptible to various network attacks such as denial of service (DoS), injection, and buffer overflow for the underlying security flaws in the communication protocols in IoT. The anomalies detected in network traffic pattern as a consequence of a majority of these attacks are classified as intrusion by the different classification algorithms in machine learning (ML). Classifiers such as support vector machine (SVM), neural network, decision tree, Random Forest, and k-nearest neighbors have shown impressive results in detecting intrusions targeted to disrupt integrity, availability, or authorization. This chapter presents the security goals, attacks, and underlying vulnerabilities of commonly used Industrial Internet of Things (IIoT) protocols. Some of the prominent existing works on intrusion detection in SCADA are also discussed. Finally, a comparison on different ML classification effectiveness parameters is presented; five commonly used ML classifiers on the man-in-the-middle attack show the effectiveness of various ML classifiers in detecting intrusion.