Intrusion detection in SCADA systems using machine learning techniques
- Resource Type
- Conference
- Authors
- Maglaras, Leandros A.; Jiang, Jianmin
- Source
- 2014 Science and Information Conference (SAI), 2014. :626-631 Aug, 2014
- Subject
- Communication, Networking and Broadcast Technologies
Components, Circuits, Devices and Systems
Computing and Processing
Engineered Materials, Dielectrics and Plasmas
Engineering Profession
Fields, Waves and Electromagnetics
General Topics for Engineers
Geoscience
Robotics and Control Systems
Signal Processing and Analysis
Training
Intrusion detection
Data models
Kernel
SCADA systems
Monitoring
Support vector machines
OCSVM
intrusion detection
- Language
In this paper we present an intrusion detection module capable of detecting malicious network traffic in a SCADA (Supervisory Control and Data Acquisition) system. Malicious data in a SCADA system disrupt its correct functioning and tamper with its normal operation. OCSVM (One-Class Support Vector Machine) is an intrusion detection mechanism that does not need any labeled data for training, nor any information about the kind of anomaly it is expecting, for the detection process. This feature makes it ideal for processing SCADA environment data and automating SCADA performance monitoring. The OCSVM module developed is trained offline on network traces and detects anomalies in the system in real time. The module is part of an IDS (Intrusion Detection System) developed under the CockpitCI project and communicates with the other parts of the system by exchanging IDMEF (Intrusion Detection Message Exchange Format) messages that carry information about the source of the incident, the time, and a classification of the alarm.