DocumentCode :
654979
Title :
Anomaly Detection via One Class SVM for Protection of SCADA Systems
Author :
Jianmin Jiang ; Yasakethu, Lasith
Author_Institution :
Dept. of Comput., Univ. of Surrey, Guildford, UK
fYear :
2013
fDate :
10-12 Oct. 2013
Firstpage :
82
Lastpage :
88
Abstract :
Funded by European Framework-7 (FP7), the CockpicCI project aims at developing intelligent risk detection, analysis and protection techniques for Critical Infrastructures (CI). In this paper, we describe our recent research on automated anomaly detection from central Supervisory Control and Data Acquisition (SCADA) systems and their related commands/measurements in the SCADA-field equipment communications. The work exploits the concept of one-class SVM (Support Vector Machines) and adaptively controls its decision parameter to detect unusual patterns from inputs and generate alarms for on-site engineers to further investigate. Experiments on simulation data sets from telecommunication networks illustrate that the proposed algorithm achieves high detection rates, providing excellent potential for further research and development towards practical tools for protection of SCADA systems.
Keywords :
SCADA systems; critical infrastructures; risk analysis; security of data; support vector machines; CI; CockpicCI project; European Framework-7; FP7; SCADA field equipment communications; SCADA systems protection; automated anomaly detection; central SCADA systems; critical infrastructures; detection rates; intelligent risk analysis techniques; intelligent risk detection techniques; intelligent risk protection techniques; one class SVM; supervisory control and data acquisition; support vector machines; telecommunication networks; Computer security; Feature extraction; Intrusion detection; SCADA systems; Support vector machines; Testing; Training; Anomaly detection; SVMs; risk analysis;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC), 2013 International Conference on
Conference_Location :
Beijing
Type :
conf
DOI :
10.1109/CyberC.2013.22
Filename :
6685663