Examines the design and use of Intrusion Detection Systems (IDS) to secure Supervisory Control and Data Acquisition (SCADA) systems
Cyber-attacks on SCADA systems-the control system architecture that uses computers, networked data communications, and graphical user interfaces for high-level process supervisory management-can lead to costly financial consequences or even result in loss of life. Minimizing potential risks and responding to malicious actions requires innovative approaches for monitoring SCADA systems and protecting them from targeted attacks. SCADA Security: Machine Learning Concepts for Intrusion Detection and Prevention is designed to help security and networking professionals develop and deploy accurate and effective Intrusion Detection Systems (IDS) for SCADA systems that leverage autonomous machine learning.
Providing expert insights, practical advice, and up-to-date coverage of developments in SCADA security, this authoritative guide presents a new approach for efficient unsupervised IDS driven by SCADA-specific data. Organized into eight in-depth chapters, the text first discusses how traditional IT attacks can also be possible against SCADA, and describes essential SCADA concepts, systems, architectures, and main components. Following chapters introduce various SCADA security frameworks and approaches, including evaluating security with virtualization-based SCADAVT, using SDAD to extract proximity-based detection, finding a global and efficient anomaly threshold with GATUD, and more. This important book:
* Provides diverse perspectives on establishing an efficient IDS approach that can be implemented in SCADA systems
* Describes the relationship between main components and three generations of SCADA systems
* Explains the classification of a SCADA IDS based on its architecture and implementation
* Surveys the current literature in the field and suggests possible directions for future research
SCADA Security: Machine Learning Concepts for Intrusion Detection and Prevention is a must-read for all SCADA security and networking researchers, engineers, system architects, developers, managers, lecturers, and other SCADA security industry practitioners.
Reihe
Sprache
Verlagsort
Verlagsgruppe
Zielgruppe
Maße
Höhe: 234 mm
Breite: 154 mm
Dicke: 15 mm
Gewicht
ISBN-13
978-1-119-60603-1 (9781119606031)
Schweitzer Klassifikation
ABDULMOHSEN ALMALAWI, PHD, is Assistant Professor, Department of Computer Science, University of King Abdulaziz, Saudi Arabia. His research is focused on machine learning. He is co-author of Network Classification for Traffic Management.
ZAHIR TARI, PHD, is Professor at RMIT University, Australia. He is on the editorial board of several journals, including ACM Computing Surveys, IEEE Transactions on Computers, IEEE Transactions on Parallel and Distributed Systems, and IEEE Cloud Computing.
ADIL FAHAD, PHD, is Assistant Professor, Department of Computer Science, University of Albaha, Saudi Arabia. His research interests are in the areas of wireless sensor networks, mobile networks, SCADA security, and ad-hoc networks with emphasis on data mining, statistical analysis/modelling, and machine learning.
XUN YI, PHD, is Professor, School of Computer Science and Information Technology, RMIT University, Australia. He has published more than 150 research papers in international journals and has led several Australia Research Council (ARC) Discovery projects. He is Associate Editor of IEEE Transactions on Dependable and Secure Computing.
Autor*in
The Royal Melbourne Institute of Technology, Australia
Foreword
Preface
Acknowledgments
Acronyms
Introduction
1 Motivation
1.1 Overview
1.2 Existing solutions
1.3 Significant research problems
1.4 Book focus
1.5 Book organisation
2 Background
2.1 SCADA systems
2.1.1 Main components
2.1.2 Architecture.
2.1.3 Protocols.
2.2 Intrusion Detection System (IDS).
2.2.1 SCADA network-based.
2.2.2 SCADA application-based.
2.3 IDS approaches
3 SCADA-based Security Testbed
3.1 Motivation.
3.2 Guidelines to building a SCADA Security Testbed
3.3 SCADAVT Details
3.3.1 The communication infrastructure
3.3.2 Computer-based SCADA components
3.3.3 SCADA protocols's implementation
3.3.4 Linking internal/external world components.
3.3.5 Simulation of a controlled environment
3.4 SCADAVT Application
3.4.1 The SCADAVT setup
3.4.2 The water distribution system setup.
3.4.3 SCADA system setup for WDS
3.4.4 Configuration steps.
3.5 Attack Scenarios.
3.5.1 Denial of Service (DoS) Attacks
3.5.2 Integrity Attacks.
3.6 Conclusion.
3.7 Appendix for this Chapter
3.7.1 Modbus registers mapping.
3.7.2 The configuration of IOModuleGate.
4 Efficientk-Nearest Neighbour Approach based on Various-WidthsClustering
4.1 Introduction
4.2 Related Work.
4.3 ThekNNVWC Approach.
4.3.1 FWC Algorithm and Its Limitations
4.3.2 Various-Widths Clustering.
Partitioning process.
Merging process.
Parameters
4.3.3 Thek-NN Search
4.4 Experimental Evaluation.
4.4.1 Data sets.
4.4.2 Performance Metrics
Reduction Rate of Distance Computations
Reduction Rate of Computation Time
4.4.3 Impact of Cluster Size.
4.4.4 Baseline Methods
KD-tree
Ball tree.
Cover tree
FWC
4.4.5 Distance Metric.
4.4.6 Complexity Metrics.
Search Time.
Construction Time.
4.5 Conclusion.
5 SCADA Data-Driven Anomaly Detection
5.1 Introduction
5.2 SDAD Approach.
5.2.1 Observation State of SCADA Points.
5.2.2 Separation of Inconsistent Observations.
Inconsistency scoring
The Separation Threshold.
5.2.3 Extracting Proximity-Detection Rules.
5.2.4 Inconsistency Detection.
5.3 Experimental Setup.
5.3.1 System Setup
5.3.2 WDS Scenario
5.3.3 Attack scenario.
5.3.4 Data sets.
Simulated Data Sets
Real Data Sets
5.3.5 Normalization
5.4 Results and Analysis.
5.4.1 Accuracy metrics.
5.4.2 Separation Accuracy of Inconsistent observations
5.4.3 Detection Accuracy.
k-means algorithm
SDAD Evaluation
5.5 SDAD Limitations
5.6 Conclusion.
6 A Global Anomaly Threshold to Unsupervised Detection)
6.1 Introduction
6.2 Related Work.
6.3 GATUD Approach
6.3.1 Learning of Most-Representative Data Sets.
Step 1: Anomaly Scoring
Step 2: Selection of Candidate Sets.
6.3.2 Decision-Making Model.
Illustrative Example.
6.4 Experimental Setup
6.4.1 Choice of Parameters
6.4.2 The Candidate Classifiers.
6.5 Results and Discussion.
6.5.1 Integrating GATUD into SDAD
Results of the separation process with/without GATUD
Results of proximity detection rules with/without GATUD
6.5.2 Integrating GATUD into clustering-based method.192xi
6.6 Conclusion.
7 Conclusion
7.1 Summary
A framework for SCADA security testbed (SCADAVT)
An efficient search fork-NN in large and high dimensional data.
Clustering-based proximity rules for SCADA anomaly detection.
Towards global anomaly threshold to unsupervised detection.
7.2 Future Work
Bibliography.209
