Intrusion Detection and Identification System Design and Performance Evaluation for Industrial SCADA Networks
Industrial SCADA networks are subject to cyber-attacks that have the potential to cause significant disruption, damage, and havoc. In this paper, we present a study that proposes a three-stage classifier model which employs a machine learning algorithm to develop an intrusion detection and identific...
Saved in:
| Published in | International journal of safety and security engineering Vol. 12; no. 2; pp. 259 - 267 |
|---|---|
| Main Authors | , |
| Format | Journal Article |
| Language | English |
| Published |
29.04.2022
|
| Online Access | Get full text |
| ISSN | 2041-9031 2041-904X |
| DOI | 10.18280/ijsse.120215 |
Cover
Loading…
| Abstract | Industrial SCADA networks are subject to cyber-attacks that have the potential to cause significant disruption, damage, and havoc. In this paper, we present a study that proposes a three-stage classifier model which employs a machine learning algorithm to develop an intrusion detection and identification system for tens of different types of attacks against industrial SCADA networks. The machine learning classifier is trained and tested on the data generated using the laboratory prototype of a gas pipeline SCADA network. The dataset consists of three attack groups and seven different attack classes or categories. The same dataset further provides signatures of 35 different types of attacks which are related to those seven attack classes. The study entailed the design of three-stage machine learning classifier as a misuse intrusion detection system to detect and identify specifically each of the 35 attack types. The first stage of the classifier decides if a record is associated with normal operation or an attack signature. If the record is found to belong to an attack signature, then in the second stage, it is classified into one of seven attack classes. Based on the identified attack class as determined by the output from the second stage classifier, the attack record is provided for a third stage attack type classification, where seven different classifiers are employed. The output from the third stage classifier identifies the attack type to which the record belongs. Simulation results indicate that designs exploring specialization to domains or executing the classification in multiple stages versus single-stage designs are promising for problems where there are tens of classes. Comparison with studies in the literature also indicated that the multi-stage classifier performed markedly better. |
|---|---|
| AbstractList | Industrial SCADA networks are subject to cyber-attacks that have the potential to cause significant disruption, damage, and havoc. In this paper, we present a study that proposes a three-stage classifier model which employs a machine learning algorithm to develop an intrusion detection and identification system for tens of different types of attacks against industrial SCADA networks. The machine learning classifier is trained and tested on the data generated using the laboratory prototype of a gas pipeline SCADA network. The dataset consists of three attack groups and seven different attack classes or categories. The same dataset further provides signatures of 35 different types of attacks which are related to those seven attack classes. The study entailed the design of three-stage machine learning classifier as a misuse intrusion detection system to detect and identify specifically each of the 35 attack types. The first stage of the classifier decides if a record is associated with normal operation or an attack signature. If the record is found to belong to an attack signature, then in the second stage, it is classified into one of seven attack classes. Based on the identified attack class as determined by the output from the second stage classifier, the attack record is provided for a third stage attack type classification, where seven different classifiers are employed. The output from the third stage classifier identifies the attack type to which the record belongs. Simulation results indicate that designs exploring specialization to domains or executing the classification in multiple stages versus single-stage designs are promising for problems where there are tens of classes. Comparison with studies in the literature also indicated that the multi-stage classifier performed markedly better. |
| Author | Serpen, Gursel Khan, Ahsan A.Z. |
| Author_xml | – sequence: 1 givenname: Ahsan A.Z. surname: Khan fullname: Khan, Ahsan A.Z. – sequence: 2 givenname: Gursel surname: Serpen fullname: Serpen, Gursel |
| BookMark | eNo9kF1LwzAYhYNMcM5det8_0JmP1qSXo5taGCpMwbvyLn0jmW0qSabs31tX8eocDg_n4rkkE9c7JOSa0QVTXNEbuw8BF4xTzvIzMuU0Y2lBs7fJfxfsgsxD2FNKmSw4z9SUdJWL_hBs75IVRtTxt4FrkqpBF62xGk7T9hgidgMT7PsIPKM3ve_AaUzWX9AeRnDYkso1hxC9hTbZlsvVMnnE-N37j3BFzg20Aed_OSOvd-uX8iHdPN1X5XKTapbJPN0JToXMNCpjRFNIUCg0NEOAgp0sxG3DkTFQmnKZK6aB7liupTQDW-QgZiQdf7XvQ_Bo6k9vO_DHmtH6pKs-6apHXeIHT5NiJA |
| ContentType | Journal Article |
| DBID | AAYXX CITATION |
| DOI | 10.18280/ijsse.120215 |
| DatabaseName | CrossRef |
| DatabaseTitle | CrossRef |
| DatabaseTitleList | CrossRef |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Business |
| EISSN | 2041-904X |
| EndPage | 267 |
| ExternalDocumentID | 10_18280_ijsse_120215 |
| GroupedDBID | 8FE 8FG AAYXX ABJCF AFKRA ALMA_UNASSIGNED_HOLDINGS BENPR BGLVJ CITATION EBS EJD HCIFZ IEFQH L6V M7S PIMPY PROAC |
| ID | FETCH-LOGICAL-c1475-b320374ce8ff3d97a8e3cada8ea8ab7936d2e11a8c027581ca0b15c77f97a95a3 |
| ISSN | 2041-9031 |
| IngestDate | Tue Jul 01 01:45:49 EDT 2025 |
| IsDoiOpenAccess | false |
| IsOpenAccess | true |
| IsPeerReviewed | true |
| IsScholarly | true |
| Issue | 2 |
| Language | English |
| LinkModel | OpenURL |
| MergedId | FETCHMERGED-LOGICAL-c1475-b320374ce8ff3d97a8e3cada8ea8ab7936d2e11a8c027581ca0b15c77f97a95a3 |
| OpenAccessLink | https://www.iieta.org/download/file/fid/72976 |
| PageCount | 9 |
| ParticipantIDs | crossref_primary_10_18280_ijsse_120215 |
| ProviderPackageCode | CITATION AAYXX |
| PublicationCentury | 2000 |
| PublicationDate | 2022-4-29 |
| PublicationDateYYYYMMDD | 2022-04-29 |
| PublicationDate_xml | – month: 04 year: 2022 text: 2022-4-29 day: 29 |
| PublicationDecade | 2020 |
| PublicationTitle | International journal of safety and security engineering |
| PublicationYear | 2022 |
| SSID | ssj0001792248 |
| Score | 2.1964085 |
| Snippet | Industrial SCADA networks are subject to cyber-attacks that have the potential to cause significant disruption, damage, and havoc. In this paper, we present a... |
| SourceID | crossref |
| SourceType | Index Database |
| StartPage | 259 |
| Title | Intrusion Detection and Identification System Design and Performance Evaluation for Industrial SCADA Networks |
| Volume | 12 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwnV1JS8QwFA6jgngRV9zJQbxIxzZNp-lxcBf0ooJ4GdIkRUXHwY4Xf4K_2veatI3LQb10hpCGmX4fb-tbCNmWScZNzvNAZBoclFyHgVQ6CUA3cFDwPa0V1jufX_ROrvnZTXLT6bx7WUuv47yr3n6sK_kPqrAGuGKV7B-QbQ6FBfgO-MIVEIbrrzA-HWLJBAJ4YMbGDf3G_F7tcoAsurYrOezBZA1bHuCVCxw2_b6rlENvlsclwNTHkmBM3ip9M_ZzHNHrPlHKAnNAq2i8m4y3a9qWh414v7Nx1_5dCfKl373tNpEe8zKykvAY00se_agEOLQhD1zoohJeLOSY-uEkvPHXbEZmI32ZxzLmi1LXKdxqZWaHdnwT-OAwYork_UNZmm7E0IJpNVv9Nv-LwmvSENEBwgMG1e0De_sEmWLgcuA0DHF03Mbr0gysnWrAYf3XXMtWPGHP_wGeiePZKldzZNY5GbRvGTNPOma4QKbrGodF8tQQhzbEoYAZ_UwcaolDLXGqDR5xaEscCmu0JQ6tiENr4iyR66PDq_2TwM3dCFTE0yTIY4ZdiZQRRRHrLJXCxEpq-JBC5iDQe5qZKJJC4TtvESkZ5lGi0rSAvVki42UyOXwemhVCjYgNK1QkQiN5WhRgCxVxD3v4Ma7BM1klO_WjGoxse5XBj6is_XbjOplp-bhBJuFxmk2wG8f5VgXoBwWXc5Y |
| linkProvider | ProQuest |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Intrusion+Detection+and+Identification+System+Design+and+Performance+Evaluation+for+Industrial+SCADA+Networks&rft.jtitle=International+journal+of+safety+and+security+engineering&rft.au=Khan%2C+Ahsan+A.Z.&rft.au=Serpen%2C+Gursel&rft.date=2022-04-29&rft.issn=2041-9031&rft.eissn=2041-904X&rft.volume=12&rft.issue=2&rft.spage=259&rft.epage=267&rft_id=info:doi/10.18280%2Fijsse.120215&rft.externalDBID=n%2Fa&rft.externalDocID=10_18280_ijsse_120215 |
| thumbnail_l | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=2041-9031&client=summon |
| thumbnail_m | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=2041-9031&client=summon |
| thumbnail_s | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=2041-9031&client=summon |