Probabilistic Models Based Intrusion Detection Using Sequence Characteristics in Control System Communication

  • Takashi Onoda
Part of the Communications in Computer and Information Science book series (CCIS, volume 459)


The importance of cyber security has increased with the networked and highly complex structure of computer systems, and the increased value of information. In this paper, we compare Conditional Random Field based intrusion detection with the other probabilistic models based intrusion detection. Theses methods uses the sequence characteristics of network traffic in the control system communication. The learning only utilizes normal data, assuming that there is no prior knowledge on attacks in the system. We applied these two probabilistic models to intrusion detection in DARPA data and an experimental control system network, and compared the differences in the performance.


CRF HMM Control System Communication Intrusion Detection Sequence 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    National Security Agency: Defense in Depth: A practical strategy for achieving Information Assurance in today’s highly networked environments,
  2. 2.
    SANS Institute: Intrusion Detection FAQ,
  3. 3.
    Cheung, S., Dutertre, B., Fong, M., Lindqvist, U., Skinner, K., Valdes, A.: Using Model-based Intrusion Detection for SCADA Networks. In: Proc. of the SCADA Security Scientific Symposium (January 2007)Google Scholar
  4. 4.
    Moran, B., Belisle, R.: Modeling Flow Information and Other Control System Behavior to Detect Anomalies. In: Proc. of the SCADA Security Scientific Symposium (January 2008)Google Scholar
  5. 5.
    Kiuchi, M., Serizawa, Y.: Security Technologies, Usage and Guidelines in SCADA System Networks. In: ICCAS-SICE (2009)Google Scholar
  6. 6.
    Onoda, T., Kiuchi, M.: Analysis of Intrusion Detection in Control System Communication Based on Outlier Detection with One-Class Classifiers. In: Huang, T., Zeng, Z., Li, C., Leung, C.S. (eds.) ICONIP 2012, Part V. LNCS, vol. 7667, pp. 275–282. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  7. 7.
    Osareh, A., Shadgar, B.: Intrusion Detection in Computer Networks based on Machine Learning Algorithms. International Journal of Computer Science and Network Security 8(11) (November 2008)Google Scholar
  8. 8.
    Chandola, V., Banerjee, A., Kumar, V.: Outlier Detection: A Survey, University of Minnesota Technical Report TR 07-017Google Scholar
  9. 9.
    Rabiner, L.R.: A tutorial on hidden Markov models and selected applications in speech recognition. Proceedings of the IEEE 77(2), 257–285 (1989)Google Scholar
  10. 10.
    Baum, L.E., Petrie, T., Soules, G., Weiss, N.: A maximization technique occurring in the statistical analysis of probabilistic functions of markov chains. The Annals of Mathematical Statistics 41(1), 164–171 (1970)CrossRefzbMATHMathSciNetGoogle Scholar
  11. 11.
    Lafferty, J., McCallum, A., Pereira, F.: Conditional random fields: probabilistic models for segmenting and labeling sequence data. In: International Conference on Machine Learning (2001)Google Scholar
  12. 12.
    CRF++: Yet Another CRF toolkit,
  13. 13.
    Lippmann, R.P., Haines, J.W., Fried, D.J., Korba, J., Das, K.: The 1999 DARPA off-line intrusion detection evaluation. Computer Networks 34, 579–595 (2000)CrossRefGoogle Scholar
  14. 14.
    DARPA: Intrusion Detection evaluation data-set,
  15. 15.
    Zhang, D., Leckie, C.: An Evaluation Technique for Network Intrusion Detection Systems. In: Proc. of the 1st International Conference on Scalable Information Systems, InfoScale 2006 (2006)Google Scholar
  16. 16.
    Kiuchi, M., Ohba, E., Serizawa, Y.: Customizing Control System Intrusion Detection at the Application Layer. In: Proc. of the SCADA Security Scientific Symposium 2009, Digital Bond Press (January 2009)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Takashi Onoda
    • 1
  1. 1.System Engineering System Laboratory, Central Research Institute of Electric Power IndustryKomae-shiJapan

Personalised recommendations