sesa 15(3): e5

Research Article

A novel intrusion detection method based on OCSVM and K-means recursive clustering

BibTeX:

@ARTICLE{10.4108/sesa.2.3.e5,
    author={Leandros A. Maglaras and Jianmin Jiang},
    title={A novel intrusion detection method based on OCSVM and K-means recursive clustering},
    journal={EAI Endorsed Transactions on Security and Safety},
    volume={2},
    number={3},
    publisher={ICST},
    journal_a={SESA},
    year={2015},
    month={1},
    keywords={Cyber security, SCADA systems, support vector machine, machine learning},
    doi={10.4108/sesa.2.3.e5}
}
Leandros A. Maglaras (1, *), Jianmin Jiang (1)
1: University of Surrey, Department of Computing, Guildford, UK
*Contact email: l.maglaras@surrey.ac.uk

Abstract

In this paper we present an intrusion detection module capable of detecting malicious network traffic in a SCADA (Supervisory Control and Data Acquisition) system, based on the combination of a One-Class Support Vector Machine (OCSVM) with RBF kernel and recursive k-means clustering. Two parameters of the OCSVM, the Gaussian kernel width σ and the parameter ν, govern the performance of the classifier, and tuning them is of great importance in order to avoid false positives and overfitting. Combining the OCSVM with recursive k-means clustering lets the proposed module tell genuine attacks from spurious alarms regardless of the values of σ and ν, which makes it well suited to real-time intrusion detection in SCADA systems. Extensive simulations have been conducted with datasets extracted from small and medium sized HTB SCADA testbeds, in order to compare accuracy, false alarm rate and execution time against the baseline OCSVM method.
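The page gives only the outline of the method (an RBF one-class classifier whose alarms are then clustered recursively), so the following is an added illustration, not code from the paper or its authors. It makes three assumptions that are labelled in the code: the OCSVM is replaced by its ν = 1 limit (every training sample is a support vector of equal weight, and the offset ρ is chosen from ν, so the quadratic programme is skipped); alarms are bisected with 2-means using deterministic farthest-point seeding until each cluster is tight; and a cluster of at least min_size alarms is reported as an attack while isolated alarms are dropped as boundary noise. The traffic samples, the feature names (packets per second, mean payload bytes) and the constants NORMAL, OFF_GRID, RARE, ATTACK, min_size and max_radius are all constructed for the example. Running it with a sane width (σ = 10) and an overfitting width (σ = 1) shows the effect the abstract describes: the narrow kernel flags a benign unseen sample, but the clustering step still reports the one dense attack cluster and sets the singleton aside.

```python
# Added example, not code from Maglaras and Jiang: a reduced one-class RBF scorer
# followed by recursive 2-means clustering of its alarms.  All samples below are
# constructed (packets/s, mean payload bytes); nothing comes from the HTB testbeds.
import math


def sqdist(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))


def rbf(a, b, sigma):
    """Gaussian kernel; sigma sets how far a normal sample's influence reaches."""
    return math.exp(-sqdist(a, b) / (2.0 * sigma * sigma))


def mean(points):
    return tuple(math.fsum(p[i] for p in points) / len(points) for i in range(2))


class KernelMeanOneClass:
    """Assumed stand-in for the OCSVM: its nu = 1 limit, where every training
    sample is a support vector of weight 1/n, so f(x) = mean_i K(x_i, x) - rho.
    The quadratic programme that makes a real OCSVM sparse is skipped; rho is set
    so that a fraction nu of the training set falls outside the boundary, which
    is the role nu plays in the real classifier."""

    def __init__(self, sigma, nu):
        self.sigma, self.nu, self.sv, self.rho = sigma, nu, [], 0.0

    def fit(self, train):
        self.sv = list(train)
        scores = sorted(self.raw(x) for x in train)
        k = int(self.nu * len(scores))           # training samples allowed outside
        self.rho = scores[k] if k < len(scores) else math.inf
        return self

    def raw(self, x):
        # fsum is order-independent, so symmetric neighbourhoods score exactly equal
        return math.fsum(rbf(s, x, self.sigma) for s in self.sv) / len(self.sv)

    def is_alarm(self, x):
        return self.raw(x) - self.rho < 0         # negative decision value = outlier


def two_means(points):
    """2-means with farthest-point seeding (a deterministic choice made here; the
    page does not say how the paper seeds k-means)."""
    centroid = mean(points)
    c1 = max(points, key=lambda p: sqdist(p, centroid))
    centers = [c1, max(points, key=lambda p: sqdist(p, c1))]
    for _ in range(100):
        parts = [[], []]
        for p in points:
            parts[0 if sqdist(p, centers[0]) <= sqdist(p, centers[1]) else 1].append(p)
        new = [mean(part) if part else centers[i] for i, part in enumerate(parts)]
        if new == centers:
            break
        centers = new
    return parts


def radius(points):
    c = mean(points)
    return max(math.sqrt(sqdist(p, c)) for p in points)


def recursive_clusters(points, max_radius):
    """Bisect the alarm set until every cluster is tight or cannot be split."""
    if len(points) <= 1 or radius(points) <= max_radius:
        return [points]
    left, right = two_means(points)
    if not left or not right:
        return [points]
    return recursive_clusters(left, max_radius) + recursive_clusters(right, max_radius)


def analyse(train, test, sigma, nu, min_size=3, max_radius=10.0):
    """Assumed post-processing rule: alarms forming a dense cluster of at least
    min_size samples are reported as an attack; isolated alarms are treated as
    boundary noise rather than intrusions."""
    model = KernelMeanOneClass(sigma, nu).fit(train)
    alarms = [x for x in test if model.is_alarm(x)]
    clusters = recursive_clusters(alarms, max_radius) if alarms else []
    return {"alarms": alarms,
            "attacks": [c for c in clusters if len(c) >= min_size],
            "isolated": [p for c in clusters if len(c) < min_size for p in c]}


# Constructed samples: normal traffic on a 7x7 grid around (100 pkt/s, 100 bytes).
NORMAL = [(100 + 5 * i, 100 + 5 * j) for i in range(-3, 4) for j in range(-3, 4)]
OFF_GRID = (102, 97)                                   # benign but unseen in training
RARE = [(100, 250), (250, 50), (20, 20)]               # one-off legitimate events
ATTACK = [(300 + 2 * i, 300 + 2 * j) for i in range(-1, 2) for j in range(-1, 2)]
TEST = NORMAL + [OFF_GRID] + RARE + ATTACK

if __name__ == "__main__":
    for sigma in (10.0, 1.0):                          # sane width vs. overfitting width
        r = analyse(NORMAL, TEST, sigma=sigma, nu=0.05)
        print(f"sigma={sigma}: {len(r['alarms'])} alarms, {len(r['attacks'])} attack "
              f"cluster(s), {len(r['isolated'])} isolated; OFF_GRID flagged: "
              f"{OFF_GRID in r['alarms']}")
```

To swap the stand-in for a real OCSVM, scikit-learn's OneClassSVM(kernel="rbf", gamma=1/(2*sigma**2), nu=nu) uses the same kernel convention, so σ and ν map directly. Two caveats a practitioner should keep in mind with the assumed clustering rule: an attack that produces fewer than min_size samples in the analysed window is dismissed along with the false positives, so min_size and the window length trade single-packet attacks against false alarm rate; and max_radius is in feature units, so it has to be re-chosen whenever the features are rescaled.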

Keywords
Cyber security, SCADA systems, support vector machine, machine learning
Received
2014-10-27
Accepted
2014-10-30
Published
2015-01-30
Publisher
ICST
http://dx.doi.org/10.4108/sesa.2.3.e5

Copyright © 2014 L. A. Maglaras and J. Jiang, licensed to ICST. This is an open access article distributed under the terms of the Creative Commons Attribution license (http://creativecommons.org/licenses/by/3.0/), which permits unlimited use, distribution and reproduction in any medium so long as the original work is properly cited.
