Combining ensemble methods and social network metrics for improving accuracy of OCSVM on intrusion detection in SCADA systems
Peer reviewed
Abstract
Modern Supervisory Control and Data Acquisition (SCADA) systems used by the electric utility industry to monitor and control electric power generation, transmission and distribution are recognized today as critical components of the electric power delivery infrastructure. SCADA systems are large, complex and incorporate increasing numbers of widely distributed components. The presence of a real time intrusion detection mechanism, which can cope with different types of attacks, is of great importance, in order to defend a system against cyber attacks. This defense mechanism must be distributed, cheap and above all accurate, since false positive alarms, or mistakes regarding the origin of the intrusion, mean severe costs for the system. Recently an integrated detection mechanism, namely IT-OCSVM, was proposed, which is distributed in a SCADA network as a part of a distributed intrusion detection system (IDS), providing accurate data about the origin and the time of an intrusion. In this paper we also analyze the architecture of the integrated detection mechanism and we perform extensive simulations based on real cyber attacks in a small SCADA testbed in order to evaluate the performance of the proposed mechanism.