Intrusion Detection and Identification System Design and Performance Evaluation for Industrial SCADA Networks

by Ahsan Al Zaki Khan, et al.

In this paper, we present a study that proposes a three-stage classifier model which employs a machine learning algorithm to develop an intrusion detection and identification system for tens of different types of attacks against industrial SCADA networks. The machine learning classifier is trained and tested on data generated using a laboratory prototype of a gas pipeline SCADA network. The dataset consists of three attack groups and seven different attack classes or categories, and further provides signatures of 35 different sub-attack types related to those seven classes. The study entailed the design of a three-stage machine learning classifier as a misuse intrusion detection system that detects and specifically identifies each of the 35 attack subclasses. The first stage of the classifier decides whether a record is associated with normal operation or an attack signature. If the record is found to belong to an attack signature, the second stage classifies it into one of the seven attack classes. Based on the attack class determined by the second stage, the record is passed to a third stage for sub-attack classification, in which seven different classifiers are employed, one per attack class. The output of the third stage identifies the sub-attack type to which the record belongs. Simulation results indicate that designs that specialize classifiers to domains, or that perform classification in multiple stages rather than in a single stage, are promising for problems with tens of classes. Comparison with studies in the literature also indicated that the multi-stage classifier performed markedly better.
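The three-stage routing described above, as an added example that is not the paper's code. The feature vectors and the class and sub-attack names (`recon`, `resp_inj`, `recon_scan`, ...) are constructed placeholders, not the gas-pipeline dataset's real labels; `NearestCentroid` is a stand-in for whatever estimator the paper used, and any object with `fit(X, y)` / `predict(X)` can be substituted. The point the code makes beyond the abstract is the evaluation: each stage-3 classifier is trained only on its own class's records, so a misrouting at stage 1 or 2 is unrecoverable downstream, and end-to-end sub-attack accuracy must be read alongside per-stage accuracy to see where the errors actually enter.

```python
"""Three-stage misuse IDS classifier (added example, not the paper's code)."""
import math
from collections import defaultdict

NORMAL = "normal"


class NearestCentroid:
    """Minimal fit/predict estimator: label of the closest class centroid.
    Stand-in for the paper's (unspecified here) machine learning algorithm."""

    def fit(self, X, y):
        sums = defaultdict(lambda: [0.0] * len(X[0]))
        counts = defaultdict(int)
        for x, label in zip(X, y):
            counts[label] += 1
            for i, v in enumerate(x):
                sums[label][i] += v
        self.centroids = {lab: [s / counts[lab] for s in sums[lab]] for lab in sums}
        return self

    def predict(self, X):
        return [min(self.centroids, key=lambda lab: math.dist(x, self.centroids[lab]))
                for x in X]


class ThreeStageIDS:
    """Stage 1: normal vs attack. Stage 2: attack class (attack records only).
    Stage 3: one sub-attack classifier per class, trained only on that class."""

    def __init__(self, make_estimator=NearestCentroid):
        self.make = make_estimator

    def fit(self, X, classes, subs):
        self.stage1 = self.make().fit(
            X, [NORMAL if c == NORMAL else "attack" for c in classes])
        attack = [i for i, c in enumerate(classes) if c != NORMAL]
        self.stage2 = self.make().fit(
            [X[i] for i in attack], [classes[i] for i in attack])
        self.stage3 = {}
        for cls in {classes[i] for i in attack}:
            idx = [i for i in attack if classes[i] == cls]
            self.stage3[cls] = self.make().fit(
                [X[i] for i in idx], [subs[i] for i in idx])
        return self

    def predict_one(self, x):
        """Return (class, sub_attack); normal records stop after stage 1."""
        if self.stage1.predict([x])[0] == NORMAL:
            return NORMAL, NORMAL
        cls = self.stage2.predict([x])[0]
        return cls, self.stage3[cls].predict([x])[0]

    def predict(self, X):
        return [self.predict_one(x) for x in X]


def stage_accuracies(model, X, classes, subs):
    """Per-stage accuracy next to end-to-end accuracy. 'stage3_given_class'
    scores stage 3 only on records the earlier stages routed correctly, which
    separates a weak sub-attack classifier from errors inherited from above."""
    preds = model.predict(X)
    n = len(X)
    s1 = sum((p[0] == NORMAL) == (c == NORMAL) for p, c in zip(preds, classes)) / n
    s2 = sum(p[0] == c for p, c in zip(preds, classes)) / n
    routed = [(p, s) for p, c, s in zip(preds, classes, subs) if p[0] == c and c != NORMAL]
    s3 = sum(p[1] == s for p, s in routed) / len(routed) if routed else float("nan")
    e2e = sum(p == (c, s) for p, c, s in zip(preds, classes, subs)) / n
    return {"stage1": s1, "stage2": s2, "stage3_given_class": s3, "end_to_end": e2e}


# Constructed 2-D records: (features, class, sub_attack). Placeholder labels.
TRAIN = [
    ((0.0, 0.0), NORMAL, NORMAL), ((0.5, -0.5), NORMAL, NORMAL), ((-0.5, 0.5), NORMAL, NORMAL),
    ((10.0, -1.0), "recon", "recon_scan"), ((10.5, -1.5), "recon", "recon_scan"),
    ((10.0, 1.0), "recon", "recon_probe"), ((9.5, 1.5), "recon", "recon_probe"),
    ((-1.0, 10.0), "resp_inj", "resp_inj_naive"), ((-1.5, 10.5), "resp_inj", "resp_inj_naive"),
    ((1.0, 10.0), "resp_inj", "resp_inj_complex"), ((1.5, 9.5), "resp_inj", "resp_inj_complex"),
]
TEST = [
    ((0.2, 0.1), NORMAL, NORMAL),
    ((10.2, -0.8), "recon", "recon_scan"),
    ((0.8, 9.6), "resp_inj", "resp_inj_complex"),
    ((4.0, 4.5), "recon", "recon_probe"),  # ambiguous record: misrouted at stage 2
]


def build_model():
    X, classes, subs = (list(col) for col in zip(*TRAIN))
    return ThreeStageIDS().fit(X, classes, subs)


if __name__ == "__main__":
    model = build_model()
    X, classes, subs = (list(col) for col in zip(*TEST))
    for x, pred in zip(X, model.predict(X)):
        print(x, "->", pred)
    print(stage_accuracies(model, X, classes, subs))
```

On the constructed test set the last record is detected as an attack (stage 1 correct) but routed to the wrong class at stage 2, so the stage-3 classifier that sees it has no label it could possibly be right with. The conditional stage-3 accuracy stays at 1.0 while end-to-end accuracy drops to 0.75, which is the check a practitioner wants before attributing a multi-stage design's sub-attack errors to the third stage.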


PRISM: A Hierarchical Intrusion Detection Architecture for Large-Scale Cyber Networks

The increase in scale of cyber networks and the rise in sophistication o...

Attack based DoS attack detection using multiple classifier

One of the most common internet attacks causing significant economic los...

Efficient Attack Correlation and Identification of Attack Scenarios based on Network-Motifs

An Intrusion Detection System (IDS) to secure computer networks reports ...

Real-Time Alert Correlation with Type Graphs

The premise of automated alert correlation is to accept that false alert...

Voting Classifier-based Intrusion Detection for IoT Networks

Internet of Things (IoT) is transforming human lives by paving the way f...

On Generalisability of Machine Learning-based Network Intrusion Detection Systems

Many of the proposed machine learning (ML) based network intrusion detec...

Intrusion Detection: Machine Learning Baseline Calculations for Image Classification

Cyber security can be enhanced through application of machine learning b...