inis 17(10): e4

Research Article

A Novel Intrusion Detection Mechanism for SCADA systems which Automatically Adapts to Network Topology Changes

@ARTICLE{10.4108/eai.1-2-2017.152155,
        author={Barnaby Stewart and Luis Rosa and Leandros A. Maglaras and Tiago J. Cruz and Mohamed Amine Ferrag and Paulo Simoes and Helge Janicke},
        title={A Novel Intrusion Detection Mechanism for SCADA systems which Automatically Adapts to Network Topology Changes},
        journal={EAI Endorsed Transactions on Industrial Networks and Intelligent Systems},
        volume={4},
        number={10},
        publisher={EAI},
        journal_a={INIS},
        year={2017},
        month={2},
        keywords={Intrusion Detection Systems, Support Vector Machines, Adaptive Mechanisms},
        doi={10.4108/eai.1-2-2017.152155}
    }
    
Barnaby Stewart1, Luis Rosa2, Leandros A. Maglaras1,*, Tiago J. Cruz2, Mohamed Amine Ferrag3, Paulo Simoes2, Helge Janicke1
  • 1: School of Computer Science and Informatics, De Montfort University, Leicester, UK
  • 2: University of Coimbra, Coimbra, Portugal
  • 3: Department of Computer Science, Guelma University, Algeria
*Contact email: leandros.maglaras@dmu.ac.uk

Abstract

Industrial Control Systems (ICS) are becoming more vulnerable as they become increasingly interconnected with other systems. The Industrial Internet of Things (IIoT) will bring new opportunities to business and society, along with new threats and security risks. One major change that ICS will face is a dynamic network topology. Changes in the network architecture will affect the performance of the ICS as well as the efficiency of the security mechanisms that are deployed. This article investigates how changes in the network architecture of a supervisory control and data acquisition (SCADA) system affect the performance of an Intrusion Detection System (IDS) that is based on the One-Class Support Vector Machine (OCSVM). The article also proposes an adaptive mechanism that can cope with such changes and can work in real-time situations. The performance of the proposed adaptive IDS is tested using traces from a Hybrid ICS testbed with a dynamic topology.