A real time OCSVM Intrusion Detection module with low overhead for SCADA systems

Abstract

In this paper we present an intrusion detection module capable of detecting malicious network traffic in a SCADA (Supervisory Control and Data Acquisition) system. Malicious data injected into a SCADA system disrupt its correct functioning and tamper with its normal operation. OCSVM (One-Class Support Vector Machine) is an anomaly detection mechanism that needs neither labeled data for training nor any prior information about the kind of anomaly it is expected to detect. This property makes it well suited to SCADA environment data and to automating SCADA performance monitoring. The OCSVM module we developed is trained offline on network traces and detects anomalies in the system in real time. In order to decrease the overhead induced by communicated alarms, we propose a new detection mechanism based on the combination of OCSVM with a recursive k-means clustering procedure. The proposed intrusion detection module, K-OCSVM, is capable of distinguishing severe alarms from possible attacks regardless of the chosen OCSVM parameter values, making it suitable for real-time intrusion detection in SCADA systems. The most severe alarms are then communicated, as IDMEF messages, to an IDS (Intrusion Detection System) developed under the CockpitCI project. Alarm messages carry information about the source of the incident, the time of the intrusion and a classification of the alarm.
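The abstract describes the pipeline but not the clustering details. The following is an added example (not the authors' code, and not the CockpitCI implementation) of the alarm-filtering stage: it takes alarms already scored by an OCSVM, repeatedly splits them in two with 1-D k-means, keeps the cluster that lies further outside the learned boundary, and emits an IDMEF (RFC 4765) alert for each alarm that survives. The sample alarms and their scores are constructed, the stopping rule for the recursion (minimum cluster size and minimum separation between cluster centres) is an assumption of this example rather than the paper's criterion, and the analyzer name and classification text are placeholders.

```python
# Added example, not the paper's code: recursive 2-means filtering of OCSVM
# alarms by anomaly score, then an IDMEF alert for each surviving alarm.
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

# Constructed sample alarms: (source address, detection time, OCSVM score).
# The score stands in for the decision-function value of an OCSVM trained
# offline on normal traffic: negative means outside the learned boundary,
# more negative means further from normal. All values are invented.
SAMPLE_ALARMS = [
    ("10.10.1.20", "2014-10-01T08:00:01Z", -0.02),
    ("10.10.1.21", "2014-10-01T08:00:02Z", -0.05),
    ("10.10.1.55", "2014-10-01T08:00:03Z", -1.20),
    ("10.10.1.22", "2014-10-01T08:00:04Z", -0.07),
    ("10.10.1.40", "2014-10-01T08:00:05Z", -0.65),
    ("10.10.1.23", "2014-10-01T08:00:06Z", -0.03),
    ("10.10.1.41", "2014-10-01T08:00:07Z", -0.70),
    ("10.10.1.24", "2014-10-01T08:00:08Z", -0.09),
    ("10.10.1.56", "2014-10-01T08:00:09Z", -1.10),
    ("10.10.1.25", "2014-10-01T08:00:10Z", -0.04),
    ("10.10.1.42", "2014-10-01T08:00:11Z", -0.75),
    ("10.10.1.26", "2014-10-01T08:00:12Z", -0.06),
    ("10.10.1.27", "2014-10-01T08:00:13Z", -0.08),
]

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)


def kmeans2(values, iters=100):
    """Plain 1-D 2-means with deterministic init at the lowest and highest score.
    Returns (centers, groups); groups holds the index list of each center."""
    lo, hi = min(values), max(values)
    centers = [lo, hi]
    groups = [list(range(len(values))), []]
    if lo == hi:                      # nothing to separate
        return centers, groups
    for _ in range(iters):
        groups = [[], []]
        for i, v in enumerate(values):
            near = 0 if abs(v - centers[0]) <= abs(v - centers[1]) else 1
            groups[near].append(i)
        new = [sum(values[i] for i in g) / len(g) if g else centers[j]
               for j, g in enumerate(groups)]
        if max(abs(a - b) for a, b in zip(new, centers)) < 1e-9:
            break
        centers = new
    return centers, groups


def severe_alarms(alarms, min_size=2, min_gap=0.1):
    """Recursive K-means filter: keep the cluster with the lower mean score
    (further outside the OCSVM boundary) and re-cluster it until it is too
    small to split again or the two clusters are no longer well separated.
    The stopping rule is an assumption of this example, not the paper's."""
    if not alarms:
        return []
    scores = [a[2] for a in alarms]
    centers, groups = kmeans2(scores)
    low = 0 if centers[0] <= centers[1] else 1
    severe = [alarms[i] for i in groups[low]]
    gap = abs(centers[0] - centers[1])
    if len(severe) < 2 * min_size or gap < min_gap:
        return severe
    return severe_alarms(severe, min_size, min_gap)


def ntpstamp(ts):
    """IDMEF ntpstamp attribute: seconds since 1900 as 0xSSSSSSSS.0xFFFFFFFF."""
    dt = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return "0x%08x.0x00000000" % (int(dt.timestamp()) + NTP_EPOCH_OFFSET)


def idmef_alert(alarm, analyzer_id="K-OCSVM", severity="high"):
    """Build an IDMEF (RFC 4765) Alert carrying the source, the detection time
    and a classification, the three fields the abstract says alarms carry.
    analyzer_id and the classification text are placeholders."""
    src, ts, score = alarm
    msg = ET.Element("IDMEF-Message",
                     {"xmlns": "http://iana.org/idmef", "version": "1.0"})
    alert = ET.SubElement(msg, "Alert", {"messageid": "%s-%s" % (analyzer_id, ts)})
    ET.SubElement(alert, "Analyzer", {"analyzerid": analyzer_id, "model": "OCSVM"})
    ET.SubElement(alert, "CreateTime", {"ntpstamp": ntpstamp(ts)}).text = ts
    ET.SubElement(alert, "DetectTime", {"ntpstamp": ntpstamp(ts)}).text = ts
    node = ET.SubElement(ET.SubElement(alert, "Source"), "Node")
    addr = ET.SubElement(node, "Address", {"category": "ipv4-addr"})
    ET.SubElement(addr, "address").text = src
    ET.SubElement(alert, "Classification",
                  {"text": "K-OCSVM anomaly, score %.2f" % score})
    ET.SubElement(ET.SubElement(alert, "Assessment"), "Impact", {"severity": severity})
    return ET.tostring(msg, encoding="unicode")


if __name__ == "__main__":
    # Only the two most anomalous alarms survive the recursion and are reported.
    for alarm in severe_alarms(SAMPLE_ALARMS):
        print(idmef_alert(alarm))
```

With the constructed scores the first split separates the five alarms below about -0.6 from the eight mild ones; the second split isolates the two alarms at -1.10 and -1.20, and the recursion stops because that cluster can no longer be split into two clusters of `min_size` alarms. Raising `min_gap` makes the filter stop earlier and report more alarms, which is the overhead trade-off the abstract refers to.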

Authors and Affiliations

Leandros Maglaras, Jianmin Jiang

  • EP ID EP110798
  • DOI 10.14569/IJARAI.2014.031006

How To Cite

Leandros Maglaras, Jianmin Jiang (2014). A real time OCSVM Intrusion Detection module with low overhead for SCADA systems. International Journal of Advanced Research in Artificial Intelligence (IJARAI), 3(10), 45-53. https://europub.co.uk/articles/-A-110798