EAI Endorsed Transactions on Industrial Networks and Intelligent Systems 17(10): e4

Research Article

A Novel Intrusion Detection Mechanism for SCADA systems which Automatically Adapts to Network Topology Changes

Download91 downloads
  • @ARTICLE{10.4108/eai.1-2-2017.152155,
        author={Barnaby Stewart and Luis Rosa and Leandros A. Maglaras and Tiago J. Cruz and Mohamed Amine Ferrag and Paulo Simoes and Helge Janicke},
        title={A Novel Intrusion Detection Mechanism for SCADA systems which Automatically Adapts to Network Topology Changes},
        journal={EAI Endorsed Transactions on Industrial Networks and Intelligent Systems},
        volume={17},
        number={10},
        publisher={EAI},
        journal_a={INIS},
        year={2017},
        month={2},
        keywords={Intrusion Detection Systems, Support Vector Machines, Adaptive Mechanisms},
        doi={10.4108/eai.1-2-2017.152155}
    }
    
  • Barnaby Stewart
    Luis Rosa
    Leandros A. Maglaras
    Tiago J. Cruz
    Mohamed Amine Ferrag
    Paulo Simoes
    Helge Janicke
    Year: 2017
    A Novel Intrusion Detection Mechanism for SCADA systems which Automatically Adapts to Network Topology Changes
    INIS
    EAI
    DOI: 10.4108/eai.1-2-2017.152155
Barnaby Stewart1, Luis Rosa2, Leandros A. Maglaras1,*, Tiago J. Cruz2, Mohamed Amine Ferrag3, Paulo Simoes2, Helge Janicke1
  • 1: School of Computer Science and Informatics De Montfort University Leicester, UK
  • 2: University of Coimbra, Coimbra, Portugal
  • 3: Department of Computer Science, Guelma University, Algeria
*Contact email: leandros.maglaras@dmu.ac.uk

Abstract

Industrial Control Systems (ICS) are getting more vulnerable as they become increasingly interconnected with other systems. Industrial Internet of Things(IIoT) will bring new opportunities to business and society, along with new threats and security risks. One major change that ICS will face will be that of the dynamic network topology. Changes in the network architecture will affect the performance of the ICS along with the efficiency of the security mechanisms that are deployed. The current article investigates how changes in the network architecture of a supervisory control and data acquisition (SCADA) system affect the performance of an Intrusion Detection System IDS that is based on the One class Support Vector Machine (OCSVM). Also the article proposes an adaptive mechanism that can cope with such changes and can work in real time situations. The performance of the proposed adaptive IDS is tested using traces from a Hybrid ICS testbed with a dynamic topology.