
A Novel LWCSO-PKM-Based Feature Optimization and Classification of Attack Types in SCADA Network

  • Research Article - Computer Engineering and Computer Science
  • Arabian Journal for Science and Engineering

Abstract

Currently, Supervisory Control and Data Acquisition (SCADA) systems are widely used in the remote monitoring and control of large-scale manufacturing plants and power grids. The development of high-security SCADA is a major requirement because architectural constraints leave these systems vulnerable to attacks. Decisions about controlling power flows and replacing faulty devices are based on two states: normal or attacked. The observations from the sensors play the major role in classifying normal and abnormal patterns. As the number of observations increases, the dimensionality of the features becomes high, and so there is a chance of misleading results during the classification process. Various classification and intrusion detection (ID) algorithms are available to reduce the dimensionality of the features for better classification. This paper proposes a novel approach for feature optimization and classification of attack types in the SCADA network with better performance than the existing algorithms. The Linear Weighted Cuckoo Search Optimization (LWCSO) algorithm in the proposed work selects the best features from the overall feature set. A Probabilistic Kernel Model (PKM) updates the weight function of each node to form the clusters representing the optimal features. A label is applied to each cluster based on the difference between the set of labeled training features and the testing feature set. Based on this label, the features are applied to detect the anomalous node in the network area. From the classification result, if the attack type is already known, then the appropriate action is taken immediately. If the attack type is unknown, its type is added to the database. The periodic discovery of the type of attack and the database update with unknown attacks effectively increase the detection ability. From the performance analysis, it is observed that the proposed LWCSO-PKM approach achieves better performance than the existing classification techniques and IDS algorithms.
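The pipeline the abstract describes, as an added illustration rather than the paper's code: a binary cuckoo search (plain Lévy-flight search, not the paper's LWCSO weighting) selects a feature mask, per-label centroids of the selected features stand in for the PKM cluster formation, a test observation is labelled by its distance to the labelled clusters, and an observation far from every known cluster is registered in the database as an unknown attack type. The data set, the per-feature cost term and the distance threshold are constructed assumptions.

```python
import math, random
random.seed(7)
# Constructed data (not the paper's dataset): 6 features; only the first two separate the classes.
def make_sample(label):
    centre = 0.0 if label == "normal" else 3.0
    return [centre + random.gauss(0, 0.3) for _ in range(2)] + [random.gauss(0, 1) for _ in range(4)], label
SAMPLES = [make_sample(lbl) for _ in range(20) for lbl in ("normal", "attack")]
TRAIN, TEST = SAMPLES[:30], SAMPLES[30:]
project = lambda x, mask: [a for a, keep in zip(x, mask) if keep]
nearest = lambda db, v: min(db.items(), key=lambda kv: math.dist(kv[1], v))
def centroids(samples, mask):
    """Per-label mean of the selected features (a plain stand-in for PKM cluster formation)."""
    groups = {}
    for x, y in samples:
        groups.setdefault(y, []).append(project(x, mask))
    return {y: [sum(col) / len(vs) for col in zip(*vs)] for y, vs in groups.items()}

def fitness(mask, train, test):
    """Wrapper fitness: held-out accuracy minus a small (assumed) cost per selected feature."""
    if not any(mask): return -1.0
    db = centroids(train, mask)
    return sum(nearest(db, project(x, mask))[0] == y for x, y in test) / len(test) - 0.01 * sum(mask)

def cuckoo_select(train, test, n_feat, nests=8, iters=40, p_a=0.25):
    """Binary cuckoo search over feature masks: a Lévy-sized step flips bits of a random nest, the
    egg replaces a random worse nest, and the worst p_a fraction is abandoned every round."""
    rand_mask = lambda: [random.random() < 0.5 for _ in range(n_feat)]
    score = lambda m: fitness(m, train, test)
    pop = [[True] * n_feat] + [rand_mask() for _ in range(nests - 1)]  # all-features nest: result never worse
    keep = int(nests * (1 - p_a))
    for _ in range(iters):
        cand = random.choice(pop)[:]
        levy = abs(random.gauss(0, 1)) / (abs(random.gauss(0, 1)) + 1e-9)  # heavy-tailed step length
        for j in random.sample(range(n_feat), min(n_feat, 1 + int(levy ** (1 / 1.5)))):
            cand[j] = not cand[j]
        k = random.randrange(nests)
        if score(cand) > score(pop[k]):
            pop[k] = cand
        pop.sort(key=score, reverse=True)  # best nest stays at index 0 and is never abandoned
        pop[keep:] = [rand_mask() for _ in range(nests - keep)]
    return pop[0]

def classify(db, v, threshold=2.0):
    """Nearest labelled centroid wins; a point far from every cluster is a new unknown type, added to db."""
    label, centre = nearest(db, v)
    if math.dist(centre, v) <= threshold:
        return label
    label = f"unknown-{len(db)}"
    db[label] = list(v)
    return label
```

Once an unknown type is in the database, the next observation near it is returned under that label, which is the "database update increases detection ability" step of the abstract.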




Corresponding author

Correspondence to Dhanalakshmi Krishnan Sadhasivan.


Cite this article

Krishnan Sadhasivan, D., Balasubramanian, K. A Novel LWCSO-PKM-Based Feature Optimization and Classification of Attack Types in SCADA Network. Arab J Sci Eng 42, 3435–3449 (2017). https://doi.org/10.1007/s13369-017-2524-0
