Combining ensemble methods and social network metrics for improving accuracy of OCSVM on intrusion detection in SCADA systems
This work addresses the need for accurate and distributed intrusion detection in critical SCADA infrastructure for the electric utility industry, representing an incremental improvement over existing methods.
The paper tackles the problem of improving intrusion detection accuracy in SCADA systems by combining ensemble methods and social network metrics with OCSVM, achieving enhanced performance as validated through simulations on real cyber attacks in a testbed.
Modern Supervisory Control and Data Acquisition SCADA systems used by the electric utility industry to monitor and control electric power generation, transmission and distribution are recognized today as critical components of the electric power delivery infrastructure. SCADA systems are large, complex and incorporate increasing numbers of widely distributed components. The presence of a real time intrusion detection mechanism, which can cope with different types of attacks, is of great importance, in order to defend a system against cyber attacks This defense mechanism must be distributed, cheap and above all accurate, since false positive alarms, or mistakes regarding the origin of the intrusion mean severe costs for the system. Recently an integrated detection mechanism, namely IT-OCSVM was proposed, which is distributed in a SCADA network as a part of a distributed intrusion detection system (IDS), providing accurate data about the origin and the time of an intrusion. In this paper we also analyze the architecture of the integrated detection mechanism and we perform extensive simulations based on real cyber attacks in a small SCADA testbed in order to evaluate the performance of the proposed mechanism.