• RMIT Australia
  • RMIT Global
  • RMIT Australia
  • RMIT Europe
  • RMIT Vietnam

• Students
• Alumni
• Staff

Research Repository

Back to Library

• Home
• Browse
• Search
• FAQs
• About
• Contact Us

An unsupervised anomaly-based detection approach for integrity attacks on SCADA systems ALMALAWI, A, Yu, X, Tari, Z, Al-Harthi, A and Khalil, I 2014, 'An unsupervised anomaly-based detection approach for integrity attacks on SCADA systems', Computers and Security, vol. 46, pp. 94-110. Document type: Journal Article Collection: Journal Articles Title An unsupervised anomaly-based detection approach for integrity attacks on SCADA systems Author(s) ALMALAWI, A Yu, X Tari, Z Al-Harthi, A Khalil, I Year 2014 Journal name Computers and Security Volume number 46 Start page 94 End page 110 Total pages 17 Publisher Elsevier Ltd. Abstract Supervisory Control and Data Acquisition (SCADA) systems are a core part of industrial systems, such as smart grid power and water distribution systems. In recent years, such systems become highly vulnerable to cyber attacks. The design of efficient and accurate data-driven anomaly detection models become an important topic of interest relating to the development of SCADA-specific Intrusion Detection Systems (IDSs) to counter cyber attacks. This paper proposes two novel techniques: (i) an automatic identification of consistent and inconsistent states of SCADA data for any given system, and (ii) an automatic extraction of proximity detection rules from identified states. During the identification phase, the density factor for the k-nearest neighbours of an observation is adapted to compute its inconsistency score. Then, an optimal inconsistency threshold is calculated to separate inconsistent from consistent observations. During the extraction phase, the well-known fixed-width clustering technique is extended to extract proximity-detection rules, which forms a small and most-representative data set for both inconsistent and consistent behaviours in the training data set. Extensive experiments were carried out both on real as well as simulated data sets, and we show that the proposed techniques provide significant accuracy and efficiency in detecting cyber attacks, compared to three well-known anomaly detection approaches. Subject Information and Computing Sciences not elsewhere classified Keyword(s) Consistent/Inconsistent SCADA Patterns Cyber-warfare Intrusion Detection System SCADA systems Unsupervised detection DOI - identifier 10.1016/j.cose.2014.07.005 Copyright notice © 2014 Published by Elsevier Ltd. All rights reserved. ISSN 0167-4048 Related Links Link Description http://dx.doi.org/10.1016/j.cose.2014.07.005 Link to Published Version   Versions Version Filter Type Mon, 20 Apr 2015, 15:49:01 EST Filtered Full Citation counts:   Cited 28 times in Thomson Reuters Web of Science Article | Citations Cited 22 times in Scopus Article | Citations Altmetric details: Access Statistics: 188 Abstract Views  -  Detailed Statistics Created: Mon, 20 Apr 2015, 14:31:00 EST by Catalyst Administrator