Abstract
Network Control Systems (NAC) have been used in many industrial processes. They aim to reduce the human factor burden and efficiently handle the complex process and communication of those systems. Supervisory control and data acquisition (SCADA) systems are used in industrial, infrastructure and facility processes (e.g. manufacturing, fabrication, oil and water pipelines, building ventilation, etc.) Like other Internet of Things (IoT) implementations, SCADA systems are vulnerable to cyber-attacks, therefore, a robust anomaly detection is a major requirement. However, having an accurate anomaly detection system is not an easy task, due to the difficulty to differentiate between cyber-attacks and system internal failures (e.g. hardware failures). In this paper, we present a model that detects anomaly events in a water system controlled by SCADA. Six Machine Learning techniques have been used in building and evaluating the model. The model classifies different anomaly events including hardware failures (e.g. sensor failures), sabotage and cyber-attacks (e.g. DoS and Spoofing). Unlike other detection systems, our proposed work helps in accelerating the mitigation process by notifying the operator with additional information when an anomaly occurs. This additional information includes the probability and confidence level of event(s) occurring. The model is trained and tested using a real-world dataset.
Original language | English |
---|---|
Title of host publication | Computer security |
Subtitle of host publication | ESORICS 2018 International Workshops, CyberICPS 2018 and SECPRE 2018, Barcelona, Spain, September 6–7, 2018, revised selected papers |
Editors | Sokratis K. Katsikas, Frédéric Cuppens, Nora Cuppens, Costas Lambrinoudakis, Annie Antón, Stefanos Gritzalis, John Mylopoulos, Christos Kalloniatis |
Publisher | Springer |
Pages | 3-19 |
Number of pages | 17 |
ISBN (Electronic) | 9783030127862 |
ISBN (Print) | 9783030127855 |
DOIs | |
Publication status | Published - 25 Mar 2019 |
Event | International Workshop on the Security of Industrial Control Systems and Cyber-Physical Systems - Barcelona, Spain Duration: 6 Sept 2018 → 7 Sept 2018 https://www.ds.unipi.gr/cybericps2018/ |
Publication series
Name | Lecture Notes in Computer Science |
---|---|
Publisher | Springer |
Volume | 11387 |
ISSN (Print) | 0302-9743 |
ISSN (Electronic) | 1611-3349 |
Conference
Conference | International Workshop on the Security of Industrial Control Systems and Cyber-Physical Systems |
---|---|
Abbreviated title | CyberICPS 2018 |
Country/Territory | Spain |
City | Barcelona |
Period | 6/09/18 → 7/09/18 |
Internet address |
Keywords
- Cyber-physical systems
- Machine learning
- SCADA
- SIEM
Fingerprint
Dive into the research topics of 'Improving SIEM for critical SCADA water infrastructures using machine learning'. Together they form a unique fingerprint.Student theses
-
Intrusion Detection Systems using Machine Learning and Deep Learning techniques
Hindy, H. (Author), Coull, N. (Supervisor), Bayne, E. (Supervisor), Elsayed, S. H. (Supervisor) & Bellekens, X. (Supervisor), 7 Sept 2021Student thesis: Doctoral Thesis
File