SCADA (Supervisory Control and Data Acquisition) systems are a critical part of modern national critical infrastructure (CI) systems. Due to the rapid increase of sophisticated cyber threats with exponentially destructive effects, intrusion detection systems (IDS) must systematically evolve. Specific intrusion detection systems that reassure both high accuracy, low rate of false alarms and decreased overhead on the network traffic must be designed for SCADA systems. In this book chapter we present a novel IDS, namely K-OCSVM, that combines both the capability of detecting novel attacks with high accuracy, due to its core One-Class Support Vector Machine (OCSVM) classification mechanism and the ability to effectively distinguish real alarms from possible attacks under different circumstances, due to its internal recursive k-means clustering algorithm. The effectiveness of the proposed method is evaluated through extensive simulations that are conducted using realistic datasets extracted from small and medium sized HTB SCADA testbeds.
|Title of host publication||Security Solutions and Applied Cryptography in Smart Grid Communications|
|Subtitle of host publication||Advances in Information Security, Privacy, and Ethics|
|Editors||Mohamed Amine Ferrag, Ahmed Ahmim|
|Number of pages||19|
|Publication status||Published - 2017|
|Name||Security Solutions and Applied Cryptography in Smart Grid Communications|
Maglaras, L., Janicke, H., Jiang, J., & Crampton, A. (2017). Novel Intrusion Detection Mechanism with Low Overhead for SCADA Systems. In M. A. Ferrag, & A. Ahmim (Eds.), Security Solutions and Applied Cryptography in Smart Grid Communications: Advances in Information Security, Privacy, and Ethics (pp. 160-178). [Chapter 9] (Security Solutions and Applied Cryptography in Smart Grid Communications). IGI Global. https://doi.org/10.4018/978-1-5225-1829-7.ch009