A Taxonomy of Supervised Learning for IDSs in SCADA Environments

Published: 17 April 2020

Abstract

Supervisory Control and Data Acquisition (SCADA) systems play an important role in monitoring industrial processes such as electric power distribution, transport systems, water distribution, and wastewater collection systems. Such systems require particular attention with regard to security, as they deal with critical infrastructures that are crucial to organizations and countries. Protecting SCADA systems from intrusion is a very challenging task because they not only inherit traditional IT security threats but also include additional vulnerabilities related to field components (e.g., cyber-physical attacks). Many of the existing intrusion detection techniques rely on supervised learning, which consists of algorithms that are first trained on reference inputs to learn specific information and then tested on unseen inputs for classification purposes. This article surveys supervised learning from a specific security angle, namely SCADA-based intrusion detection. Based on a systematic review process, the existing literature is categorized and evaluated according to SCADA-specific requirements. Additionally, this survey reports on well-known SCADA datasets and testbeds used with machine learning methods. Finally, we present key challenges and our recommendations for using specific supervised methods in SCADA systems.


    Published In

    ACM Computing Surveys  Volume 53, Issue 2
    March 2021
    848 pages
    ISSN:0360-0300
    EISSN:1557-7341
    DOI:10.1145/3388460

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 17 April 2020
    Accepted: 01 January 2020
    Revised: 01 October 2019
    Received: 01 April 2019
    Published in CSUR Volume 53, Issue 2


    Author Tags

    1. SCADA security
    2. machine learning
    3. network intrusion
    4. supervised learning

    Qualifiers

    • Survey
    • Research
    • Refereed
