Abstract
Networked Control Systems (NCS) are used in many industrial processes to reduce the burden on human operators and to handle the complex process control and communication of those systems efficiently. Supervisory control and data acquisition (SCADA) systems are used in industrial, infrastructure and facility processes (e.g. manufacturing, fabrication, oil and water pipelines, building ventilation). Like other Internet of Things (IoT) deployments, SCADA systems are vulnerable to cyber-attacks, so robust anomaly detection is a major requirement. Building an accurate anomaly detection system is not easy, however, because cyber-attacks are difficult to distinguish from internal system failures (e.g. hardware failures). In this paper, we present a model that detects anomalous events in a water system controlled by SCADA. Six machine learning techniques are used to build and evaluate the model. The model classifies different anomaly events, including hardware failures (e.g. sensor failures), sabotage and cyber-attacks (e.g. DoS and spoofing). Unlike other detection systems, the proposed work helps to accelerate mitigation by notifying the operator with additional information when an anomaly occurs: the probability and confidence level of the event(s) occurring. The model is trained and tested on a real-world dataset.
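As an added worked example (not code from the paper), the stand-alone Python classifier below shows the kind of alert the abstract describes: given a telemetry vector from a water system, it predicts the event type and hands the operator the per-class probability and a confidence score together with the alert. The feature names, telemetry values and event labels are constructed for illustration, and the classifier is a from-scratch Gaussian Naive Bayes rather than any of the six techniques evaluated in the paper.

```python
"""Gaussian Naive Bayes anomaly classifier for SCADA water telemetry.

Constructed illustration of the abstract's idea: classify an anomalous
event and hand the operator the per-class probability and a confidence
score along with the alert. Standard library only.
"""
import math
from collections import defaultdict

# Constructed feature vector layout (an assumption, not the paper's feature set).
FEATURES = ("tank_level_pct", "pump_cmds_per_min", "modbus_req_per_s", "level_delta_pct")
VAR_FLOOR = 1e-3  # keeps a feature with zero spread from dividing by zero

# Constructed training telemetry (feature vector, label); each event type is
# separated along a different feature so the toy model is unambiguous.
TRAINING = [
    ((48.0, 3.0, 12.0, 1.0), "normal"),
    ((55.0, 2.0, 11.0, 0.8), "normal"),
    ((61.0, 4.0, 13.0, 1.4), "normal"),
    ((44.0, 3.0, 10.0, 0.6), "normal"),
    ((52.0, 2.0, 14.0, 1.2), "normal"),
    # Level transmitter stuck at zero: reading collapses, large jump between samples.
    ((0.0, 3.0, 12.0, 52.0), "sensor_failure"),
    ((0.3, 2.0, 11.0, 48.0), "sensor_failure"),
    ((0.0, 4.0, 13.0, 61.0), "sensor_failure"),
    ((0.1, 3.0, 12.0, 45.0), "sensor_failure"),
    ((0.2, 2.0, 11.0, 57.0), "sensor_failure"),
    # Modbus flood against the PLC: request rate explodes while the process looks normal.
    ((50.0, 3.0, 650.0, 1.0), "dos"),
    ((53.0, 2.0, 720.0, 0.9), "dos"),
    ((47.0, 4.0, 810.0, 1.3), "dos"),
    ((56.0, 3.0, 590.0, 0.7), "dos"),
    ((49.0, 2.0, 760.0, 1.1), "dos"),
    # Replayed level reading: level appears frozen while the pumps are driven hard.
    ((54.9, 24.0, 12.0, 0.05), "spoofing"),
    ((55.0, 27.0, 11.0, 0.10), "spoofing"),
    ((55.1, 22.0, 13.0, 0.00), "spoofing"),
    ((55.0, 29.0, 12.0, 0.08), "spoofing"),
    ((54.8, 25.0, 11.0, 0.12), "spoofing"),
]


def fit(samples):
    """Estimate class priors and per-feature Gaussian parameters."""
    by_class = defaultdict(list)
    for x, label in samples:
        by_class[label].append(x)
    model = {}
    for label, rows in by_class.items():
        n = len(rows)
        means = [sum(r[i] for r in rows) / n for i in range(len(FEATURES))]
        variances = [
            max(sum((r[i] - means[i]) ** 2 for r in rows) / n, VAR_FLOOR)
            for i in range(len(FEATURES))
        ]
        model[label] = (math.log(n / len(samples)), means, variances)
    return model


def _log_gauss(x, mean, var):
    return -0.5 * (math.log(2.0 * math.pi * var) + (x - mean) ** 2 / var)


def predict_proba(model, x):
    """Posterior P(class | x), normalised in log space so extreme readings do not overflow."""
    log_post = {
        label: log_prior + sum(_log_gauss(x[i], means[i], variances[i]) for i in range(len(x)))
        for label, (log_prior, means, variances) in model.items()
    }
    shift = max(log_post.values())
    weights = {label: math.exp(v - shift) for label, v in log_post.items()}
    total = sum(weights.values())
    return {label: w / total for label, w in weights.items()}


def classify(model, x, min_confidence=0.6):
    """Build the operator alert: event, its probability and a confidence score.

    Confidence is the margin between the best and second-best posterior; below
    min_confidence the alert is flagged for manual review rather than automatic response.
    """
    probs = predict_proba(model, x)
    ranked = sorted(probs.items(), key=lambda kv: kv[1], reverse=True)
    (event, p_top), (_, p_second) = ranked[0], ranked[1]
    confidence = p_top - p_second
    return {
        "event": event,
        "probability": round(p_top, 4),
        "confidence": round(confidence, 4),
        "needs_review": confidence < min_confidence,
        "probabilities": {label: round(p, 4) for label, p in probs.items()},
    }


if __name__ == "__main__":
    model = fit(TRAINING)
    # Constructed live readings: a Modbus flood and a stuck level transmitter.
    for reading in [(51.0, 3.0, 700.0, 1.0), (0.0, 3.0, 12.0, 55.0)]:
        print(dict(zip(FEATURES, reading)), "->", classify(model, reading))
```

The margin-based confidence is deliberate: Naive Bayes posteriors are overconfident for readings far from the training data, so before wiring such a classifier into a SIEM a practitioner would calibrate the score on held-out data and route low-margin alerts to an analyst rather than to an automated response.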
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Hindy, H., Brosset, D., Bayne, E., Seeam, A., Bellekens, X. (2019). Improving SIEM for Critical SCADA Water Infrastructures Using Machine Learning. In: Katsikas, S., et al. Computer Security. SECPRE CyberICPS 2018. Lecture Notes in Computer Science, vol 11387. Springer, Cham. https://doi.org/10.1007/978-3-030-12786-2_1
DOI: https://doi.org/10.1007/978-3-030-12786-2_1
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-12785-5
Online ISBN: 978-3-030-12786-2
eBook Packages: Computer Science (R0)