A real time OCSVM Intrusion Detection module with low overhead for SCADA systems

Abstract

In this paper we present an intrusion detection module capable of detecting malicious network traffic in a SCADA (Supervisory Control and Data Acquisition) system. Malicious data in a SCADA system disrupt its correct functioning and tamper with its normal operation. OCSVM (One-Class Support Vector Machine) is an intrusion detection mechanism that needs neither labeled data for training nor any prior information about the kind of anomaly it is expected to detect. This feature makes it ideal for processing SCADA environment data and for automating SCADA performance monitoring. The OCSVM module developed is trained offline on network traces and detects anomalies in the system in real time. In order to decrease the overhead induced by communicated alarms, we propose a new detection mechanism based on the combination of OCSVM with a recursive k-means clustering procedure. The proposed intrusion detection module, K-OCSVM, is capable of distinguishing severe alarms from possible attacks regardless of the values of parameters and , making it ideal for real-time intrusion detection mechanisms for SCADA systems. The most severe alarms are then communicated, with the use of IDMEF files, to an IDS (Intrusion Detection System) developed under the CockpitCI project. Alarm messages carry information about the source of the incident, the time of the intrusion and a classification of the alarm.

Authors and Affiliations

Leandros Maglaras, Jianmin Jiang

  • EP ID EP110798
  • DOI 10.14569/IJARAI.2014.031006

How To Cite

Leandros Maglaras, Jianmin Jiang (2014). A real time OCSVM Intrusion Detection module with low overhead for SCADA systems. International Journal of Advanced Research in Artificial Intelligence (IJARAI), 3(10), 45-53. https://www.europub.co.uk/articles/-A-110798