Abstract
The security of critical infrastructures has gained a lot of attention in the past few years with the growth of cyberthreats and the diversity of cyberattacks. Although traditional IDSs frequently update their databases of known attacks, new complex attacks are generated every day to circumvent security systems and make their detection nearly impossible. This paper outlines the importance of one-class classification algorithms in detecting malicious cyberattacks in critical infrastructures. The role of machine learning algorithms is complementary to IDSs and firewalls, and the objective of this work is to detect intentional intrusions once they have already bypassed these security systems. Two approaches are investigated: Support Vector Data Description and Kernel Principal Component Analysis. The impact of the metric used in the kernels is investigated, and a heuristic for choosing the bandwidth parameter is proposed. Tests are conducted on real data with several types of cyberattacks.
Acknowledgment
The authors would like to thank Thomas Morris and the Mississippi State University SCADA Laboratory for providing the real SCADA dataset.
Copyright information
© 2016 Springer International Publishing Switzerland
Cite this paper
Nader, P., Honeine, P., Beauseroy, P. (2016). The Role of One-Class Classification in Detecting Cyberattacks in Critical Infrastructures. In: Panayiotou, C., Ellinas, G., Kyriakides, E., Polycarpou, M. (eds) Critical Information Infrastructures Security. CRITIS 2014. Lecture Notes in Computer Science(), vol 8985. Springer, Cham. https://doi.org/10.1007/978-3-319-31664-2_25
DOI: https://doi.org/10.1007/978-3-319-31664-2_25
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-31663-5
Online ISBN: 978-3-319-31664-2
eBook Packages: Computer Science (R0)