OCSVM model combined with K-means recursive clustering for intrusion detection in SCADA systems

Maglaras, LA and Jiang, J (2014) OCSVM model combined with K-means recursive clustering for intrusion detection in SCADA systems Proceedings of the 2014 10th International Conference on Heterogeneous Networking for Quality, Reliability, Security and Robustness, QSHINE 2014. pp. 133-134.

Full text not available from this repository.

Abstract

© 2014 ICST.Intrusion detection in Supervisory Control and Data Acquisition (SCADA) systems is of major importance nowadays. Most of the systems are designed without cyber security in mind, since interconnection with other systems through unsafe channels, is becoming the rule during last years. The de-isolation of SCADA systems make them vulnerable to attacks, disrupting its correct functioning and tampering with its normal operation. In this paper we present a intrusion detection module capable of detecting malicious network traffic in a SCADA (Supervisory Control and Data Acquisition) system, based on the combination of One-Class Support Vector Machine (OCSVM) with RBF kernel and recursive k-means clustering. The combination of OCSVM with recursive k-means clustering leads the proposed intrusion detection module to distinguish real alarms from possible attacks regardless of the values of parameters σ and ν, making it ideal for real-time intrusion detection mechanisms for SCADA systems. The OCSVM module developed is trained by network traces off line and detect anomalies in the system real time. The module is part of an IDS (Intrusion Detection System) system developed under CockpitCI project.

Item Type:	Article
Authors :	Name Email ORCID Maglaras, LA l.maglaras@surrey.ac.uk Jiang, J jianmin.jiang@surrey.ac.uk
Date :	1 January 2014
DOI :	10.1109/QSHINE.2014.6928673
Depositing User :	Symplectic Elements
Date Deposited :	17 May 2017 13:32
Last Modified :	16 Jan 2019 18:46
URI:	http://epubs.surrey.ac.uk/id/eprint/839573

Actions (login required)

View Item

Downloads