A real time OCSVM Intrusion Detection module with low overhead for SCADA systems

Abstract

In this paper we present an intrusion detection module capable of detecting malicious network traffic in a SCADA (Supervisory Control and Data Acquisition) system. Malicious data in a SCADA system disrupt its correct functioning and tamper with its normal operation. OCSVM (One-Class Support Vector Machine) is an intrusion detection mechanism that does not need any labeled data for training or any information about the kind of anomaly it is expecting for the detection process. This feature makes it ideal for processing SCADA environment data and automating SCADA performance monitoring. The OCSVM module developed is trained offline on network traces and detects anomalies in the system in real time. In order to decrease the overhead induced by communicated alarms, we propose a new detection mechanism that is based on the combination of OCSVM with a recursive k-means clustering procedure. The proposed intrusion detection module, K-OCSVM, is capable of distinguishing severe alarms from possible attacks regardless of the values of parameters and , making it ideal for real-time intrusion detection mechanisms for SCADA systems. The most severe alarms are then communicated with the use of IDMEF files to an IDS (Intrusion Detection System) that is developed under the CockpitCI project. Alarm messages carry information about the source of the incident, the time of the intrusion and a classification of the alarm.

Authors and Affiliations

Leandros Maglaras, Jianmin Jiang

  • EP ID EP110798
  • DOI 10.14569/IJARAI.2014.031006

How To Cite

Leandros Maglaras, Jianmin Jiang (2014). A real time OCSVM Intrusion Detection module with low overhead for SCADA systems. International Journal of Advanced Research in Artificial Intelligence (IJARAI), 3(10), 45-53. https://europub.co.uk/articles/-A-110798