An unsupervised anomaly-based detection approach for integrity attacks on SCADA systems

ALMALAWI, A, Yu, X, Tari, Z, Al-Harthi, A and Khalil, I 2014, 'An unsupervised anomaly-based detection approach for integrity attacks on SCADA systems', Computers and Security, vol. 46, pp. 94-110.


Document type: Journal Article
Collection: Journal Articles

Title An unsupervised anomaly-based detection approach for integrity attacks on SCADA systems
Author(s) ALMALAWI, A
Yu, X
Tari, Z
Al-Harthi, A
Khalil, I
Year 2014
Journal name Computers and Security
Volume number 46
Start page 94
End page 110
Total pages 17
Publisher Elsevier Ltd.
Abstract Supervisory Control and Data Acquisition (SCADA) systems are a core part of industrial systems, such as smart grid power and water distribution systems. In recent years, such systems become highly vulnerable to cyber attacks. The design of efficient and accurate data-driven anomaly detection models become an important topic of interest relating to the development of SCADA-specific Intrusion Detection Systems (IDSs) to counter cyber attacks. This paper proposes two novel techniques: (i) an automatic identification of consistent and inconsistent states of SCADA data for any given system, and (ii) an automatic extraction of proximity detection rules from identified states. During the identification phase, the density factor for the k-nearest neighbours of an observation is adapted to compute its inconsistency score. Then, an optimal inconsistency threshold is calculated to separate inconsistent from consistent observations. During the extraction phase, the well-known fixed-width clustering technique is extended to extract proximity-detection rules, which forms a small and most-representative data set for both inconsistent and consistent behaviours in the training data set. Extensive experiments were carried out both on real as well as simulated data sets, and we show that the proposed techniques provide significant accuracy and efficiency in detecting cyber attacks, compared to three well-known anomaly detection approaches.
Subject Information and Computing Sciences not elsewhere classified
Keyword(s) Consistent/Inconsistent SCADA Patterns
Cyber-warfare
Intrusion Detection System
SCADA systems
Unsupervised detection
DOI - identifier 10.1016/j.cose.2014.07.005
Copyright notice © 2014 Published by Elsevier Ltd. All rights reserved.
ISSN 0167-4048
Versions
Version Filter Type
Citation counts: TR Web of Science Citation Count  Cited 31 times in Thomson Reuters Web of Science Article | Citations
Scopus Citation Count Cited 22 times in Scopus Article | Citations
Altmetric details:
Access Statistics: 191 Abstract Views  -  Detailed Statistics
Created: Mon, 20 Apr 2015, 14:31:00 EST by Catalyst Administrator
© 2014 RMIT Research Repository • Powered by Fez SoftwareContact us