Examines the design and use of Intrusion Detection Systems (IDS) to secure Supervisory Control and Data Acquisition (SCADA) systems

Cyber-attacks on SCADA systems—the control system architecture that uses computers, networked data communications, and graphical user interfaces for high-level process supervisory management—can lead to costly financial consequences or even result in loss of life. Minimizing potential risks and responding to malicious actions requires innovative approaches for monitoring SCADA systems and protecting them from targeted attacks. SCADA Security: Machine Learning Concepts for Intrusion Detection and Prevention is designed to help security and networking professionals develop and deploy accurate and effective Intrusion Detection Systems (IDS) for SCADA systems that leverage autonomous machine learning.

Providing expert insights, practical advice, and up-to-date coverage of developments in SCADA security, this authoritative guide presents a new approach for efficient unsupervised IDS driven by SCADA-specific data. Organized into eight in-depth chapters, the text first discusses how traditional IT attacks can also be possible against SCADA, and describes essential SCADA concepts, systems, architectures, and main components. Following chapters introduce various SCADA security frameworks and approaches, including evaluating security with virtualization-based SCADAVT, using SDAD to extract proximity-based detection, finding a global and efficient anomaly threshold with GATUD, and more. This important book:

Provides diverse perspectives on establishing an efficient IDS approach that can be implemented in SCADA systems
Describes the relationship between main components and three generations of SCADA systems
Explains the classification of a SCADA IDS based on its architecture and implementation
Surveys the current literature in the field and suggests possible directions for future research

SCADA Security: Machine Learning Concepts for Intrusion Detection and Prevention is a must-read for all SCADA security and networking researchers, engineers, system architects, developers, managers, lecturers, and other SCADA security industry practitioners.

ABDULMOHSEN ALMALAWI, PHD, is Assistant Professor, Department of Computer Science, University of King Abdulaziz, Saudi Arabia. His research is focused on machine learning. He is co-author of Network Classification for Traffic Management.

ZAHIR TARI, PHD, is Professor at RMIT University, Australia. He is on the editorial board of several journals, including ACM Computing Surveys, IEEE Transactions on Computers, IEEE Transactions on Parallel and Distributed Systems, and IEEE Cloud Computing.

ADIL FAHAD, PHD, is Assistant Professor, Department of Computer Science, University of Albaha, Saudi Arabia. His research interests are in the areas of wireless sensor networks, mobile networks, SCADA security, and ad-hoc networks with emphasis on data mining, statistical analysis/modelling, and machine learning.

XUN YI, PHD, is Professor, School of Computer Science and Information Technology, RMIT University, Australia. He has published more than 150 research papers in international journals and has led several Australia Research Council (ARC) Discovery projects. He is Associate Editor of IEEE Transactions on Dependable and Secure Computing.

Foreword

Preface

Acknowledgments

Acronyms

Introduction

1 Motivation

1.1 Overview

1.2 Existing solutions

1.3 Significant research problems

1.4 Book focus

1.5 Book organisation

2 Background

2.1 SCADA systems

2.1.1 Main components

2.1.2 Architecture.

2.1.3 Protocols.

2.2 Intrusion Detection System (IDS).

2.2.1 SCADA network-based.

2.2.2 SCADA application-based.

2.3 IDS approaches

3 SCADA-based Security Testbed

3.1 Motivation.

3.2 Guidelines to building a SCADA Security Testbed

3.3 SCADAVT Details

3.3.1 The communication infrastructure

3.3.2 Computer-based SCADA components

3.3.3 SCADA protocols’s implementation

3.3.4 Linking internal/external world components.

3.3.5 Simulation of a controlled environment

3.4 SCADAVT Application

3.4.1 The SCADAVT setup

3.4.2 The water distribution system setup.

3.4.3 SCADA system setup for WDS

3.4.4 Configuration steps.

3.5 Attack Scenarios.

3.5.1 Denial of Service (DoS) Attacks

3.5.2 Integrity Attacks.

3.6 Conclusion.

3.7 Appendix for this Chapter

3.7.1 Modbus registers mapping.

3.7.2 The configuration of IOModuleGate.

4 Efficientk-Nearest Neighbour Approach based on Various-WidthsClustering

4.1 Introduction

4.2 Related Work.

4.3 ThekNNVWC Approach.

4.3.1 FWC Algorithm and Its Limitations

4.3.2 Various-Widths Clustering.

Partitioning process.

Merging process.

Parameters

4.3.3 Thek-NN Search

4.4 Experimental Evaluation.

4.4.1 Data sets.

4.4.2 Performance Metrics

Reduction Rate of Distance Computations

Reduction Rate of Computation Time

4.4.3 Impact of Cluster Size.

4.4.4 Baseline Methods

KD-tree

Ball tree.

Cover tree

FWC

4.4.5 Distance Metric.

4.4.6 Complexity Metrics.

Search Time.

Construction Time.

4.5 Conclusion.

5 SCADA Data-Driven Anomaly Detection

5.1 Introduction

5.2 SDAD Approach.

5.2.1 Observation State of SCADA Points.

5.2.2 Separation of Inconsistent Observations.

Inconsistency scoring

The Separation Threshold.

5.2.3 Extracting Proximity-Detection Rules.

5.2.4 Inconsistency Detection.

5.3 Experimental Setup.

5.3.1 System Setup

5.3.2 WDS Scenario

5.3.3 Attack scenario.

5.3.4 Data sets.

Simulated Data Sets

Real Data Sets

5.3.5 Normalization

5.4 Results and Analysis.

5.4.1 Accuracy metrics.

5.4.2 Separation Accuracy of Inconsistent observations

5.4.3 Detection Accuracy.

k-means algorithm

SDAD Evaluation

5.5 SDAD Limitations

5.6 Conclusion.

6 A Global Anomaly Threshold to Unsupervised Detection)

6.1 Introduction

6.2 Related Work.

6.3 GATUD Approach

6.3.1 Learning of Most-Representative Data Sets.

Step 1: Anomaly Scoring

Step 2: Selection of Candidate Sets.

6.3.2 Decision-Making Model.

Illustrative Example.

6.4 Experimental Setup

6.4.1 Choice of Parameters

6.4.2 The Candidate Classifiers.

6.5 Results and Discussion.

6.5.1 Integrating GATUD into SDAD

Results of the separation process with/without GATUD

Results of proximity detection rules with/without GATUD

6.5.2 Integrating GATUD into clustering-based method.192xi

6.6 Conclusion.

7 Conclusion

7.1 Summary

A framework for SCADA security testbed (SCADAVT)

An efficient search fork-NN in large and high dimensional data.

Clustering-based proximity rules for SCADA anomaly detection.

Towards global anomaly threshold to unsupervised detection.

7.2 Future Work

Bibliography.209

What is included with this book?

The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.

The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.

Rent More, Save More! Use code: ECRENTAL

Rent More, Save More! Use code: ECRENTAL

5% off 1 book, 7% off 2 books, 10% off 3+ books

SCADA Security Machine Learning Concepts for Intrusion Detection and Prevention

How To: Textbook Rental

Summary

Author Biography

Table of Contents

Supplemental Materials

Rewards Program