Forget the Myth of the Air Gap: Machine Learningfor Reliable Intrusion Detection in SCADA Systems

Lopez Perez, Rocio; Adamsky, Florian; Soua, Ridha; Engel, Thomas

Reference : Forget the Myth of the Air Gap: Machine Learningfor Reliable Intrusion Detection in S...


	Document type :	Scientific journals : Article
	Discipline(s) :	Engineering, computing & technology : Computer science
	Focus Areas :	Security, Reliability and Trust
	To cite this reference:	http://hdl.handle.net/10993/40125

Title :	Forget the Myth of the Air Gap: Machine Learningfor Reliable Intrusion Detection in SCADA Systems
Language :	English
Author, co-author :	Lopez Perez, Rocio [> >]
	Adamsky, Florian [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
	Soua, Ridha [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
	Engel, Thomas [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) >]
Publication date :	29-Jan-2019
Journal title :	EAI Endorsed Transactions on Security and Safety
Publisher :	European Alliance for Innovation (EAI)
Peer reviewed :	Yes
Audience :	International
e-ISSN :	2032-9393
Keywords :	[en] Critical Infrastructures ; SCADA ; Anomaly detection ; machine learning
Abstract :	[en] Since Critical Infrastructures (CIs) use systems and equipment that are separated by long distances,Supervisory Control And Data Acquisition (SCADA) systems are used to monitor their behaviour and to send commands remotely. For a long time, operator of CIs applied the air gap principle, a security strategy that physically isolates the control network from other communication channels. True isolation, however,is difficult nowadays due to the massive spread of connectivity: using open protocols and more connectivity opens new network attacks against CIs. To cope with this dilemma, sophisticated security measures are needed to address malicious intrusions, which are steadily increasing in number and variety. However, traditional Intrusion Detection Systems (IDSs) cannot detect attacks that are not already present in their databases. To this end, we assess in this paper Machine Learning (ML) techniques for anomaly detection in SCADA systems using a real data set collected from a gas pipeline system and provided by the Mississippi State University (MSU).The contribution of this paper is two-fold: 1) The evaluation of four techniques for missing data estimation and two techniques for data normalization, 2) The performances of Support Vector Machine (SVM), Random Forest (RF), Bidirectional Long Short Term Memory (BLSTM) are assessed in terms of accuracy, precision,recall and F1 score for intrusion detection. Two cases are differentiated: binary and categorical classifications.Our experiments reveal that RF and BLSTM detect intrusions effectively, with an F1 score of respectively>99% and>96%
Target :	Researchers ; Professionals ; General public
Permalink :	http://hdl.handle.net/10993/40125
Framework Programme / European Project :	H2020 ; 700581 - ATENA - Advanced Tools to assEss and mitigate the criticality of ICT compoNents and their dependencies over Critical InfrAstructures

File(s) associated to this reference

Fulltext file(s):

	File	Commentary	Version	Size	Access
Open access	Machine_Learning_for_Reliable_Network_Attack_Detection_in_SCADA_Systems.pdf		Author preprint	342.49 kB	View/Open

All documents in ORBi^lu are protected by a user license.

University of Luxembourg Library | Feedback | Legal notices