Determination of Optimal Cluster Number in Connection to SCADA

  • Jan Vávra
  • Martin Hromada
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 575)


The recent evolution of cyber-attacks puts significant pressure on information and communication systems. The increasing number of cyber-attacks and their sophistication have created a need for a new type of cyber defense. Anomaly detection in an intrusion detection system (IDS), combined with standard cyber defense technologies, may be the answer to contemporary developments in cyber security. Moreover, unsupervised anomaly detection based on the K-means algorithm has been broadly examined by a considerable number of researchers. Therefore, the algorithm is a solid choice for an intrusion detection system. However, one of the problems is determining a proper number of clusters for K-means. Nonetheless, there are methods to determine the optimal number of clusters. The aim of the article is to determine the number of clusters in relation to a Supervisory Control and Data Acquisition (SCADA) system.


Cyber security; Clusters; Anomaly detection; Supervisory control; Data acquisition



This work was funded by the Internal Grant Agency (IGA/FAI/2017/003) and supported by the project ev. no. VI20152019049 “RESILIENCE 2015: Dynamic Resilience Evaluation of Interrelated Critical Infrastructure Subsystems”, supported by the Ministry of the Interior of the Czech Republic in the years 2015–2019 and also supported by the research project VI20172019054 “An analytical software module for the real-time resilience evaluation from point of the converged security”, supported by the Ministry of the Interior of the Czech Republic in the years 2017–2019. Moreover, this work was supported by the Ministry of Education, Youth and Sports of the Czech Republic within the National Sustainability Programme project No. LO1303 (MSMT-7778/2014) and also by the European Regional Development Fund under the project CEBIA-Tech No. CZ.1.05/2.1.00/03.0089.



Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. Faculty of Applied Informatics, Tomas Bata University in Zlin, Zlín, Czech Republic