Anomaly Activities Detection System in Critical Water SCADA Infrastructure Using Machine Learning Techniques

Document Type : Original Article

Authors

1 Computer Science and Engineering Dept., Faculty of Electronic Engineering, Menoufia University, Egypt.

2 Computer Science and Engineering Dept., Faculty of Electronic Engineering, Menoufia University, Egypt

Abstract

Industrial Control Systems (ICSs) play an important role in reducing the human interaction needed to operate industrial processes. Cyber-Physical Systems (CPSs) exist in critical infrastructure such as nuclear power generation, transportation networks, gas and water distribution networks, Unmanned Aerial Systems (UASs) and electric power distribution networks. In this paper, we present a system to detect anomalies and malicious activities in critical water infrastructure. The system alerts the industrial operator and administrator when an anomaly occurs and affects the infrastructure. The system is built using several machine learning techniques: Logistic Regression (LR), Linear Discriminant Analysis (LDA), Classification and Regression Tree (CART) and Support Vector Machine (SVM). The model was evaluated on a real-world dataset covering 15 scenarios, including normal system behavior. The scenarios cover a wide range of events, from hardware failure to sabotage of the water critical infrastructure. The overall evaluation showed that CART is the best classification technique, since it achieved the highest scores on all performance evaluation metrics, such as accuracy and precision. A comparative study of the results with and without normalization of the dataset shows that the results after applying normalization are better than the results before applying it.
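The abstract reports its models with accuracy and precision and finds that min-max style normalization improves them. The following added example (not code from the paper) shows the two evaluation steps behind those claims in plain Python: a scaler fitted on the training split only, so no test statistics leak into it, and a confusion matrix from which accuracy, per-class precision and recall are derived. A nearest-centroid classifier stands in for the paper's LR/LDA/CART/SVM models so the script runs with no dependencies; the tank-level and pump-flow readings and the two scenario labels are constructed for illustration, chosen so the flow feature's large numeric range dominates distances until the data is normalized.

```python
"""Added example, not the paper's code: normalization fitted on the training
split, a nearest-centroid stand-in classifier, and confusion-matrix metrics.
All readings and labels below are constructed for illustration."""
import math
from collections import defaultdict

# Constructed training samples: (tank level as a fraction, pump flow in L/min).
# The flow feature spans a range roughly 100x wider than the level feature,
# which is exactly when an un-normalized distance-based model goes wrong.
TRAIN = [
    ((0.20, 1000.0), "normal"),
    ((0.25, 1010.0), "normal"),
    ((0.22, 990.0), "normal"),
    ((0.90, 1030.0), "tank_overflow"),
    ((0.88, 1040.0), "tank_overflow"),
    ((0.92, 1050.0), "tank_overflow"),
]
# Constructed held-out samples used only for scoring.
TEST = [
    ((0.87, 1005.0), "tank_overflow"),
    ((0.21, 1002.0), "normal"),
    ((0.91, 1045.0), "tank_overflow"),
    ((0.24, 1015.0), "normal"),
    ((0.89, 1012.0), "tank_overflow"),
    ((0.23, 995.0), "normal"),
]


def fit_min_max(rows):
    """Per-feature (min, max) learned from the TRAINING rows only, so the
    scaler never sees the test split (a common source of leaked optimism)."""
    n = len(rows[0])
    return [(min(r[i] for r in rows), max(r[i] for r in rows)) for i in range(n)]


def apply_min_max(params, row):
    """Scale one row feature-wise to [0, 1]; a constant feature maps to 0."""
    return tuple((x - lo) / (hi - lo) if hi > lo else 0.0
                 for x, (lo, hi) in zip(row, params))


def fit_centroids(samples):
    """Mean feature vector per class (the stand-in classifier's 'training')."""
    groups = defaultdict(list)
    for x, y in samples:
        groups[y].append(x)
    return {y: tuple(sum(col) / len(xs) for col in zip(*xs))
            for y, xs in groups.items()}


def predict(centroids, x):
    """Assign the class whose centroid is nearest in Euclidean distance."""
    return min(centroids, key=lambda y: math.dist(x, centroids[y]))


def confusion_matrix(y_true, y_pred, labels):
    """cm[t][p] = number of samples of true class t predicted as class p."""
    cm = {t: {p: 0 for p in labels} for t in labels}
    for t, p in zip(y_true, y_pred):
        cm[t][p] += 1
    return cm


def metrics(cm, labels):
    """Accuracy plus one-vs-rest precision and recall for every class."""
    total = sum(cm[t][p] for t in labels for p in labels)
    correct = sum(cm[l][l] for l in labels)
    out = {"accuracy": correct / total, "precision": {}, "recall": {}}
    for l in labels:
        tp = cm[l][l]
        fp = sum(cm[t][l] for t in labels if t != l)   # predicted l, was not l
        fn = sum(cm[l][p] for p in labels if p != l)   # was l, predicted other
        out["precision"][l] = tp / (tp + fp) if tp + fp else 0.0
        out["recall"][l] = tp / (tp + fn) if tp + fn else 0.0
    return out


def evaluate(normalize):
    """Train and score the stand-in model with or without normalization."""
    train, test = TRAIN, TEST
    if normalize:
        params = fit_min_max([x for x, _ in TRAIN])      # fit on train only
        train = [(apply_min_max(params, x), y) for x, y in TRAIN]
        test = [(apply_min_max(params, x), y) for x, y in TEST]
    centroids = fit_centroids(train)
    labels = sorted(centroids)
    y_true = [y for _, y in test]
    y_pred = [predict(centroids, x) for x, _ in test]
    return metrics(confusion_matrix(y_true, y_pred, labels), labels)


if __name__ == "__main__":
    for flag in (False, True):
        print("normalized" if flag else "raw", evaluate(flag))
```

On the raw features the model labels two of the three constructed overflow samples as normal because the flow difference swamps the level difference; after scaling both features to [0, 1] it classifies all six correctly. Whatever classifier is used, the scaler must be fitted on the training split alone, and per-class precision and recall should be reported alongside accuracy, since a rare attack scenario can be missed entirely while accuracy still looks high.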

Keywords


Volume 28, ICEEM2019-Special Issue
ICEEM2019-Special Issue: 1st International Conference on Electronic Eng., Faculty of Electronic Eng., Menouf, Egypt, 7-8 Dec. 2019
Pages 343-384