Abstract
Intrusion detection in Supervisory Control and Data Acquisition (SCADA) systems is of major importance nowadays. Most of the systems are designed without cyber security in mind, since interconnection with other systems through unsafe channels, is becoming the rule during last years. The de-isolation of SCADA systems make them vulnerable to attacks, disrupting its correct functioning and tampering with its normal operation. In this paper we present a intrusion detection module capable of detecting malicious network traffic in a SCADA (Supervisory Control and Data Acquisition) system, based on the combination of One-Class Support Vector Machine (OCSVM) with RBF kernel and recursive k-means clustering. The combination of OCSVM with recursive k-means clustering leads the proposed intrusion detection module to distinguish real alarms from possible attacks regardless of the values of parameters σ and ν, making it ideal for real-time intrusion detection mechanisms for SCADA systems. The OCSVM module developed is trained by network traces off line and detect anomalies in the system real time. The module is part of an IDS (Intrusion Detection System) system developed under CockpitCI project.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
