Machine Learning for Reliable Network Attack Detection in SCADA Systems
Title | Machine Learning for Reliable Network Attack Detection in SCADA Systems |
Publication Type | Conference Paper |
Year of Publication | 2018 |
Authors | Perez, R. Lopez, Adamsky, F., Soua, R., Engel, T. |
Conference Name | 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE) |
ISBN Number | 978-1-5386-4388-4 |
Keywords | anomaly detection, composability, control engineering computing, critical infrastructures, data normalization, F1 score, gas pipeline system, Human Behavior, Intrusion Detection Systems, learning (artificial intelligence), machine learning, malicious intrusions, missing data estimation, network attack detection, network attacks, open SCADA protocols, Payloads, Pipelines, Protocols, pubcrawl, Random Forest, Resiliency, SCADA, SCADA systems, SCADA Systems Security, security of data, supervisory control and data acquisition systems, support vector machine, Support vector machines, SVM, Training |
Abstract | Critical Infrastructures (CIs) use Supervisory Control And Data Acquisition (SCADA) systems for remote control and monitoring. Sophisticated security measures are needed to address malicious intrusions, which are steadily increasing in number and variety due to the massive spread of connectivity and standardisation of open SCADA protocols. Traditional Intrusion Detection Systems (IDSs) cannot detect attacks that are not already present in their databases. Therefore, in this paper, we assess Machine Learning (ML) for intrusion detection in SCADA systems using a real data set collected from a gas pipeline system and provided by the Mississippi State University (MSU). The contribution of this paper is two-fold: 1) The evaluation of four techniques for missing data estimation and two techniques for data normalization, 2) The performances of Support Vector Machine (SVM) and Random Forest (RF) are assessed in terms of accuracy, precision, recall and F1 score for intrusion detection. Two cases are differentiated: binary and categorical classifications. Our experiments reveal that RF detects intrusions effectively, with an F1 score of respectively > 99%. |
URL | https://ieeexplore.ieee.org/document/8455962 |
DOI | 10.1109/TrustCom/BigDataSE.2018.00094 |
Citation Key | perez_machine_2018 |