A real time OCSVM Intrusion Detection module with low overhead for SCADA systems
Journal Title: International Journal of Advanced Research in Artificial Intelligence(IJARAI) - Year 2014, Vol 3, Issue 10
Abstract
In this paper we present an intrusion detection module capable of detecting malicious network traffic in a SCADA (Supervisory Control and Data Acquisition) system. Malicious data in a SCADA system disrupt its correct functioning and tamper with its normal operation. OCSVM (One-Class Support Vector Machine) is an intrusion detection mechanism that needs neither labeled data for training nor any information about the kind of anomaly it is expecting to detect. This feature makes it ideal for processing SCADA environment data and automating SCADA performance monitoring. The OCSVM module developed is trained offline on network traces and detects anomalies in the system in real time. In order to decrease the overhead induced by communicated alarms, we propose a new detection mechanism based on the combination of OCSVM with a recursive k-means clustering procedure. The proposed intrusion detection module K-OCSVM is capable of distinguishing severe alarms from possible attacks regardless of the values of parameters and , making it ideal for real-time intrusion detection in SCADA systems. The most severe alarms are then communicated, using IDMEF files, to an IDS (Intrusion Detection System) developed under the CockpitCI project. Alarm messages carry information about the source of the incident, the time of the intrusion and a classification of the alarm.
Authors and Affiliations
Leandros Maglaras, Jianmin Jiang
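The alarm-reduction step described in the abstract, as an added illustration that is not the paper's code: OCSVM decision scores (negative = anomalous) for a batch of alarms are split with a recursive two-cluster k-means, and only the most anomalous cluster survives to be reported. The sample scores, the stopping rule (stop when the anomalous cluster would fall below a minimum size) and the IDMEF-like field names are assumptions made for this example.

```python
from statistics import mean

# Constructed sample: (source address, detection time, OCSVM decision score).
# Scores near zero are mild deviations; strongly negative scores are severe.
SAMPLE_ALARMS = [
    ("192.0.2.10", "2014-10-01T10:00:01Z", -0.05),
    ("192.0.2.11", "2014-10-01T10:00:02Z", -0.08),
    ("192.0.2.12", "2014-10-01T10:00:03Z", -0.10),
    ("192.0.2.13", "2014-10-01T10:00:04Z", -0.12),
    ("192.0.2.14", "2014-10-01T10:00:05Z", -0.15),
    ("198.51.100.7", "2014-10-01T10:00:06Z", -1.20),
    ("198.51.100.7", "2014-10-01T10:00:07Z", -1.50),
    ("198.51.100.9", "2014-10-01T10:00:08Z", -1.40),
]


def kmeans_1d(values, iters=20):
    """Two-cluster k-means on scalar scores. Returns (low_cluster, high_cluster),
    where the low cluster holds the more negative (more anomalous) scores."""
    c_low, c_high = min(values), max(values)
    low, high = list(values), []
    for _ in range(iters):
        low = [v for v in values if abs(v - c_low) <= abs(v - c_high)]
        high = [v for v in values if abs(v - c_low) > abs(v - c_high)]
        if not low or not high:
            break
        new_low, new_high = mean(low), mean(high)
        if (new_low, new_high) == (c_low, c_high):
            break
        c_low, c_high = new_low, new_high
    return low, high


def severe_alarms(alarms, min_size=3):
    """Recursively keep the most anomalous score cluster until splitting further
    would leave fewer than min_size alarms (assumed stopping rule)."""
    current = list(alarms)
    while len(current) > min_size:
        low, _ = kmeans_1d([a[2] for a in current])
        if len(low) < min_size or len(low) == len(current):
            break
        threshold = max(low)  # in 1-D the low cluster is everything at or below this
        current = [a for a in current if a[2] <= threshold]
    return current


def to_idmef_like(alarm):
    """Minimal IDMEF-style alert fields: source, detection time, classification."""
    src, ts, score = alarm
    return {"Source": src, "DetectTime": ts,
            "Classification": "K-OCSVM severe anomaly", "Score": score}


if __name__ == "__main__":
    for a in severe_alarms(SAMPLE_ALARMS):
        print(to_idmef_like(a))
```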