Research Article
A novel intrusion detection method based on OCSVM and K-means recursive clustering
@ARTICLE{10.4108/sesa.2.3.e5,
  author={Leandros A. Maglaras and Jianmin Jiang},
  title={A novel intrusion detection method based on OCSVM and K-means recursive clustering},
  journal={EAI Endorsed Transactions on Security and Safety},
  volume={2},
  number={3},
  publisher={ICST},
  journal_a={SESA},
  year={2015},
  month={1},
  keywords={Cyber security, SCADA systems, support vector machine, machine learning},
  doi={10.4108/sesa.2.3.e5}
}
- Leandros A. Maglaras
- Jianmin Jiang
Year: 2015
SESA
ICST
DOI: 10.4108/sesa.2.3.e5
Abstract
In this paper we present an intrusion detection module capable of detecting malicious network traffic in a SCADA (Supervisory Control and Data Acquisition) system, based on the combination of One-Class Support Vector Machine (OCSVM) with RBF kernel and recursive k-means clustering. Important parameters of OCSVM, such as Gaussian width σ and parameter ν, affect the performance of the classifier. Tuning of these parameters is of great importance in order to avoid false positives and overfitting. The combination of OCSVM with recursive k-means clustering leads the proposed intrusion detection module to distinguish real alarms from possible attacks regardless of the values of parameters σ and ν, making it ideal for real-time intrusion detection mechanisms for SCADA systems. Extensive simulations have been conducted with datasets extracted from small and medium sized HTB SCADA testbeds, in order to compare the accuracy, false alarm rate and execution time against the baseline OCSVM method.
Copyright © 2014 L. A. Maglaras and J. Jiang, licensed to ICST. This is an open access article distributed under the terms of the Creative Commons Attribution license (http://creativecommons.org/licenses/by/3.0/), which permits unlimited use, distribution and reproduction in any medium so long as the original work is properly cited.