Start Date

30-9-2016 9:00 AM

Presentation Type

Paper

Description

Industrial control system (ICS) networks and supervisory control and data acquisition (SCADA) system networks are less likely to be within a strict closed network environment, which increases the likelihood of cyber-attacks. Over the last decade, intrusion detection has become an additional security measure for ICS and SCADA system networks to help prevent and minimize loss that may be sustained from cyber-attacks. ICS and SCADA network communication is typically repetitive and deterministic, which allows normal activity to be more easily modeled on the behavior of system-specific events. Given this deterministic behavior, an unsupervised anomaly-based intrusion detection system may provide increased performance over the more typical misuse detection method. We propose an unsupervised machine learning approach for the implementation of a network IDS in power system applications. The approach would supplement a more complex IDS by quantifying the degree to which an event is an attack, given network data states, to improve intrusion detection and minimize false alarm rates. The clustering approach contains four key processes: data preprocessing, unsupervised learning (cluster analysis), generating features from clusters, and classifying states using the Mamdani fuzzy inference system. Data sets from a simulated power distribution system are used to illustrate the impact of the proposed approach.

Comments

The inaugural INSuREcon Conference was held on September 30, 2016. The conference was held virtually using Cisco Webex online meeting and video conferencing software.


A Clustering Approach to Industrial Network Intrusion Detection
