Abstract
Cyber security threats to industrial control systems have become increasingly sophisticated and complex. In intrusion detection for these systems, one problem is that detection based on network communication behavior cannot fully uncover potential intrusions. Machine learning is applied to find anomalies in the industrial network. First, supervised learning methods such as Decision Tree, K-Nearest Neighbors and SVM are applied to a SCADA network dataset and its discriminative features. Next, an anomaly detection model is built using the One-Class Classification method, and the effectiveness of this method on the SCADA network dataset is analyzed in terms of recall rate, accuracy rate, false positive rate and false negative rate. The results show that the anomaly detection model constructed with the One-Class Support Vector Machine (OCSVM) method has high accuracy, and that the Decision Tree method detects intrusion behavior well.
Acknowledgment
This paper uses the dataset for the intrusion detection and evaluation of industrial control systems proposed by the Key Infrastructure Protection Center of Mississippi State University in 2014. The author would like to thank T. Morris for creating and sharing this dataset.
In addition, this work was supported in part by the general project of scientific research of the Education Department of Liaoning Province under grant L2015216 and by other foundations under grants FJ1603 and 20160092T.
Copyright information
© 2018 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Qu, H., Qin, J., Liu, W., Chen, H. (2018). Instruction Detection in SCADA/Modbus Network Based on Machine Learning. In: Gu, X., Liu, G., Li, B. (eds) Machine Learning and Intelligent Communications. MLICOM 2017. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 227. Springer, Cham. https://doi.org/10.1007/978-3-319-73447-7_48
DOI: https://doi.org/10.1007/978-3-319-73447-7_48
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-73446-0
Online ISBN: 978-3-319-73447-7
eBook Packages: Computer Science, Computer Science (R0)