Novelty Detection System Based on Multi-criteria Evaluation in Respect of Industrial Control System

  • Jan Vávra
  • Martin Hromada
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 765)


The industrial processes and systems have become more sophisticated and also adopted in diverse areas of human activities. The Industrial Control System (ICS) or Internet of Things (IoT) have become essential for our daily life, and therefore vital for contemporary society. These systems are often included in Critical Information Infrastructure (CII) which is crucial for each state. Consequently, the cyber defense is and will be one of the most important security field for our society. Therefore, we use the novelty detection approach in order to identify anomalies which can be a symptom of the cyber-attack in ICS environment. To achieve the main goal of the article One-Class Support Vector Machine (OCSVM) algorithm was used. Moreover, the anomaly detection algorithm is adjusted via multi-criteria evaluation and classifier fusion.


Cyber security Novelty detection Anomaly detection Industrial control systems Multi-criteria evaluation 



This work was funded by the Internal Grant Agency (IGA/FAI/2018/003) and supported by the project ev. no. VI20152019049 “RESILIENCE 2015: Dynamic Resilience Evaluation of Interrelated Critical Infrastructure Subsystems”, supported by the Ministry of the Interior of the Czech Republic in the years 2015–2019 and also supported by the research project VI20172019054 “An analytical software module for the real-time resilience evaluation from point of the converged security”, supported by the Ministry of the Interior of the Czech Republic in the years 2017-2019. Moreover, this work was supported by the Ministry of Education, Youth and Sports of the Czech Republic within the National Sustainability Programme project No. LO1303 (MSMT-7778/2014) and also by the European Regional Development Fund under the project CEBIA-Tech No. CZ.1.05/2.1.00/03.0089. Finally, we thank our colleagues from Mississippi State University and Oak Ridge National Laboratory which provides SCADA datasets.


  1. 1.
    Stouffer, K., Lightman, S., Pillitteri, V., Abrams, M., Hahn, A.: Guide to Industrial Control Systems (ICS) Security. NIST special publication, 800(82) R2, 16-16 (2015)Google Scholar
  2. 2.
    Macaulay, T., Singer, B.: Cybersecurity for Industrial Control Systems: SCADA, DCS, PLC, HMI, and SIS, 193 p. CRC Press, Boca Raton (2012). ISBN 14-398-0196-7 Google Scholar
  3. 3.
    Chandola, V., Banerjee, A., Kumar, V.: Anomaly detection: a survey. ACM Comput. Surv. (CSUR) 41(3), 15 (2009)CrossRefGoogle Scholar
  4. 4.
    Dewa, Z., Maglaras, L.A.: Data mining and intrusion detection systems. Int. J. Adv. Comput. Sci. Appl. 7(1), 62–71 (2016)Google Scholar
  5. 5.
    Pathan, A.S.K.: The State of the Art in Intrusion Prevention and Detection. Auerbach Publications, Boca Raton (2014)CrossRefGoogle Scholar
  6. 6.
    Goldstein, M., Uchida, S.: A comparative evaluation of unsupervised anomaly detection algorithms for multivariate data. PLoS One 11(4), e0152173 (2016)CrossRefGoogle Scholar
  7. 7.
    Ebrahimi, M., Suen, C.Y., Ormandjieva, O., Krzyzak, A.: Recognizing predatory chat documents using semi-supervised anomaly detection. Electron. Imaging 2016(17), 1–9 (2016)CrossRefGoogle Scholar
  8. 8.
    Sharma, V., Suryawanshi, V.: Network anomaly detection through hybrid algorithm. Int. J. Comput. Sci. Trends Technol. (IJCST) 5, 74–78 (2017) Google Scholar
  9. 9.
    Akoglu, L., Tong, H., Koutra, D.: Graph based anomaly detection and description: a survey. Data Min. Knowl. Disc. 29(3), 626–688 (2015)MathSciNetCrossRefGoogle Scholar
  10. 10.
    Pollet, J.: SCADA 2017: The Future of SCADA Security. 8th Annual ICS & SCADA Security Summit, SANS, 12–13 February 2013.
  11. 11.
    Horkan, M.: Challenges for IDS/IPS Deployment in Industrial Control Systems. SANS Institute (2015).
  12. 12.
    Verba, J., Milvich, M.: Idaho national laboratory supervisory control and data acquisition intrusion detection system (SCADA IDS). In: IEEE Conference on Technologies for Homeland Security, pp. 469–473. IEEE (2008) Google Scholar
  13. 13.
    Zhu, B., Sastry, S.: Intrusion detection and resilient control for SCADA systems. In: Securing Critical Infrastructures and Critical Control Systems: Approaches for Threat Protection: Approaches for Threat Protection, vol. 352 (2012)Google Scholar
  14. 14.
    Yang, Y., McLaughlin, K., Littler, T., Sezer, S., Wang, H.F.: Rule-based intrusion detection system for SCADA networks. In: 2nd IET Renewable power generation conference (RPG 2013), pp. 1–4. IET (2013)Google Scholar
  15. 15.
    Maglaras, L.A., Jiang, J.: Intrusion detection in SCADA systems using machine learning techniques. In: Science and Information Conference (SAI 2014), pp. 626–631. IEEE (2014)Google Scholar
  16. 16.
    Knapp, E.: Industrial Network Security: Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems, vol. xvii, 341 p. Syngress, Waltham (2011). ISBN 15–974-9645-6Google Scholar
  17. 17.
    Cortes, C., Vapnik, V.: Support-vector networks. Mach. Learn. 20(3), 273–297 (1995)zbMATHGoogle Scholar
  18. 18.
    Hsu, C.W., Chang, C.C., Lin, C.J.: A practical guide to support vector classification. BJU Int. 101, 1396–400 (2008) Google Scholar
  19. 19.
    Hink, R.C.B., Beaver, J.M., Buckner, M.A., Morris, T., Adhikari, U., Pan, S.: Machine learning for power system disturbance and cyber-attack discrimination. In: 2014 7th International Symposium on Resilient Control Systems (ISRCS), pp. 1–8. IEEE, August 2014Google Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2019

Authors and Affiliations

  1. 1.Faculty of Applied InformaticsTomas Bata University in ZlinZlinCzech Republic

Personalised recommendations