Improving SIEM for Critical SCADA Water Infrastructures Using Machine Learning
This work addresses the need for robust anomaly detection in critical SCADA water infrastructures to enhance security and operational efficiency, but it appears incremental as it applies existing ML methods to a specific domain without major methodological breakthroughs.
The paper tackles the problem of detecting anomalies in SCADA water systems, which are vulnerable to cyber-attacks and hardware failures, by developing a model using six machine learning techniques that classifies events and provides probability-based notifications to operators, achieving unspecified performance metrics.
Network Control Systems (NAC) have been used in many industrial processes. They aim to reduce the human factor burden and efficiently handle the complex process and communication of those systems. Supervisory control and data acquisition (SCADA) systems are used in industrial, infrastructure and facility processes (e.g. manufacturing, fabrication, oil and water pipelines, building ventilation, etc.) Like other Internet of Things (IoT) implementations, SCADA systems are vulnerable to cyber-attacks, therefore, a robust anomaly detection is a major requirement. However, having an accurate anomaly detection system is not an easy task, due to the difficulty to differentiate between cyber-attacks and system internal failures (e.g. hardware failures). In this paper, we present a model that detects anomaly events in a water system controlled by SCADA. Six Machine Learning techniques have been used in building and evaluating the model. The model classifies different anomaly events including hardware failures (e.g. sensor failures), sabotage and cyber-attacks (e.g. DoS and Spoofing). Unlike other detection systems, our proposed work focuses on notifying the operator when an anomaly occurs with a probability of the event occurring. This additional information helps in accelerating the mitigation process. The model is trained and tested using a real-world dataset.