Novel Intrusion Detection Mechanism with Low Overhead for SCADA Systems

Leandros Maglaras, Helge Janicke, Jianmin Jiang, Andrew Crampton

Research output: Chapter in Book/Report/Conference proceeding › Chapter

2 Citations (Scopus)

Abstract

SCADA (Supervisory Control and Data Acquisition) systems are a critical part of modern national critical infrastructure (CI) systems. Due to the rapid increase of sophisticated cyber threats with exponentially destructive effects, intrusion detection systems (IDS) must systematically evolve. Specific intrusion detection systems that ensure high accuracy, a low rate of false alarms and decreased overhead on the network traffic must be designed for SCADA systems. In this book chapter we present a novel IDS, namely K-OCSVM, that combines both the capability of detecting novel attacks with high accuracy, due to its core One-Class Support Vector Machine (OCSVM) classification mechanism, and the ability to effectively distinguish real alarms from possible attacks under different circumstances, due to its internal recursive k-means clustering algorithm. The effectiveness of the proposed method is evaluated through extensive simulations that are conducted using realistic datasets extracted from small- and medium-sized HTB SCADA testbeds.
Original language: English
Title of host publication: Security Solutions and Applied Cryptography in Smart Grid Communications
Subtitle of host publication: Advances in Information Security, Privacy, and Ethics
Editors: Mohamed Amine Ferrag, Ahmed Ahmim
Publisher: IGI Global
Pages: 160-178
Number of pages: 19
ISBN (Electronic): 9781522518303
ISBN (Print): 9781522518297
DOI: https://doi.org/10.4018/978-1-5225-1829-7.ch009
Publication status: Published - 2017

Publication series

Name: Security Solutions and Applied Cryptography in Smart Grid Communications
ISSN (Print): 1948-9730
ISSN (Electronic): 1948-9749

Fingerprint

SCADA systems
Intrusion detection
Support vector machines
Critical infrastructures
Testbeds
Clustering algorithms
Data acquisition

Cite this

Maglaras, L., Janicke, H., Jiang, J., & Crampton, A. (2017). Novel Intrusion Detection Mechanism with Low Overhead for SCADA Systems. In M. A. Ferrag, & A. Ahmim (Eds.), Security Solutions and Applied Cryptography in Smart Grid Communications: Advances in Information Security, Privacy, and Ethics (pp. 160-178). [Chapter 9] (Security Solutions and Applied Cryptography in Smart Grid Communications). IGI Global. https://doi.org/10.4018/978-1-5225-1829-7.ch009