Evaluating Machine Learning Approaches for Cyber and Physical Anomalies in SCADA Systems

• In recent years, machine learning (ML) techniques have been widely adopted as anomaly-based Intrusion Detection System in order to evaluate cyber and physical attacks against Industrial Control Systems. Nevertheless, a performance comparison of such techniques applied to multiple Cyber-Physical Systems datasets is still missing. In light of this, we propose a comparative study about the performance of four supervised ML-algorithms, Random Forest, k-nearest-Neighbors, Support-Vector-Machine and Naïve-Bayes, applied to three different publicly available datasets from water testbeds. Specifically, we consider three different scenarios where we evaluate: (1) the ability to detect cyber and physical anomalies with respect to the nominal samples, (2) the ability to detect specific types of cyber and physical attacks and (3) the ability to recognize unforeseen attacks without providing any previous knowledge about them. Results show the effectiveness of the ML-techniques in identifying cyber and physical anomalies under some assumptions about their effects on the process dynamics.

Ämnesord

NATURVETENSKAP  -- Data- och informationsvetenskap (hsv//swe)

NATURAL SCIENCES  -- Computer and Information Sciences (hsv//eng)

Nyckelord

Computer crime

Cyber Physical System

Embedded systems

Intrusion detection

Learning systems

Nearest neighbor search

SCADA systems

Anomaly based intrusion detection systems

Cybe-physical systems

Cyber-attacks

Cyber-physical systems

Industrial control systems

Machine learning approaches

Machine learning techniques

Performance comparison

Physical attacks

Still missing

Support vector machines

Publikations- och innehållstyp

ref (ämneskategori)

kon (ämneskategori)