Machine Learning and Intelligent Communications. Second International Conference, MLICOM 2017, Weihai, China, August 5-6, 2017, Proceedings, Part II

Research Article

Instruction Detection in SCADA/Modbus Network Based on Machine Learning

  • @INPROCEEDINGS{10.1007/978-3-319-73447-7_48,
        author={Haicheng Qu and Jitao Qin and Wanjun Liu and Hao Chen},
        title={Instruction Detection in SCADA/Modbus Network Based on Machine Learning},
        proceedings={Machine Learning and Intelligent Communications. Second International Conference, MLICOM 2017, Weihai, China, August 5-6, 2017, Proceedings, Part II},
        proceedings_a={MLICOM},
        year={2018},
        month={2},
        keywords={Cyber security, Intrusion detection, Supervised learning, OCSVM},
        doi={10.1007/978-3-319-73447-7_48}
    }
    
  • Haicheng Qu
    Jitao Qin
    Wanjun Liu
    Hao Chen
    Year: 2018
    Instruction Detection in SCADA/Modbus Network Based on Machine Learning
    MLICOM
    Springer
    DOI: 10.1007/978-3-319-73447-7_48
Haicheng Qu1,*, Jitao Qin1,*, Wanjun Liu1,*, Hao Chen2,*
  • 1: Liaoning Technical University
  • 2: Harbin Institute of Technology
*Contact email: quhaicheng@lntu.edu.cn, lgc_qinjitao@sina.com, liuwanjun39@163.com, hit_hao@hit.edu.cn

Abstract

Cyber security threats to industrial control systems have become increasingly sophisticated and complex. In the related intrusion detection work, there is a problem: intrusion detection based on network communication behavior cannot fully uncover potential intrusions. Machine learning is applied to find anomalies in the industrial network. First, supervised learning methods, such as Decision Tree, K-Nearest Neighbors, SVM and so on, were applied to a SCADA network dataset and the related discriminating features. Next, an anomaly detection model was built using a One-Class Classification method, and the effect of that method on the SCADA network dataset was analyzed in terms of the recall rate, the accuracy rate, the false positive rate and the false negative rate. The results show that the anomaly detection model constructed with the One-Class Support Vector Machine (OCSVM) method has high accuracy, and that the Decision Tree method detects intrusion behavior well.