Add-On Anomaly Threshold Technique for Improving Unsupervised Intrusion Detection on SCADA Data
| Author | Zahir Tari, Sheikh Tahir Bakhsh, Madini O. Alassafi, Abdulrahman A. Alshdadi, Abdulmohsen Almalawi, Adil Fahad, Asif Irshad Khan, Sana Qaiyum, Nouf Alzahrani |
|---|---|
| Year of publication | 2020 |
| Subject | security threats; Computer Networks and Communications; Computer science; intrusion detection; 0211 other engineering and technologies; lcsh:TK7800-8360; ComputerApplications_COMPUTERSINOTHERSYSTEMS; 02 engineering and technology; Intrusion detection system; unsupervised learning; computer.software_genre; SCADA; 020204 information systems; vulnerability; measurement; 0202 electrical engineering, electronic engineering, information engineering; Information system; Sensitivity (control systems); Electrical and Electronic Engineering; SCADA security; 021110 strategic defence & security studies; lcsh:Electronics; Supervised learning; Industrial Internet of Things (IIoT); Hardware and Architecture; Control and Systems Engineering; Signal Processing; information-security; Unsupervised learning; Anomaly detection; Data mining; Anomaly (physics); computer |
| Source | Electronics, Volume 9, Issue 6, p. 1017 (2020) |
| ISSN | 2079-9292 |
| DOI | 10.3390/electronics9061017 |
| Description | Supervisory control and data acquisition (SCADA) systems monitor and supervise our daily infrastructure systems and industrial processes. Hence, the importance of securing the information systems of critical infrastructures cannot be overstated. The effectiveness of unsupervised anomaly detection approaches is sensitive to parameter choices, especially when the boundaries between normal and abnormal behaviours are not clearly distinguishable. The current approach to detecting anomalies in SCADA data is therefore based on the assumptions by which anomalies are defined, and these assumptions are controlled by a parameter choice. This paper proposes an add-on anomaly threshold technique to identify the observations whose anomaly scores are extreme and significantly deviate from the others; such observations are assumed to be "abnormal". The observations whose anomaly scores are significantly distant from the "abnormal" ones are assumed to be "normal". Then, ensemble-based supervised learning is proposed to find a global and efficient anomaly threshold using the information of both "normal"/"abnormal" behaviours. The proposed technique can be used with any unsupervised anomaly detection approach to mitigate the sensitivity to such parameters and improve the performance of SCADA unsupervised anomaly detection approaches. Experimental results confirm that the proposed technique achieved a significant improvement compared to the state of the art for two unsupervised anomaly detection algorithms. |
| Database | OpenAIRE |
| External link | |