APPLICATION OF SUPPORT VECTOR MACHINE AND CONTEXTUAL OUTLIERS FOR INTRUSION DETECTION IN THE SCADA SYSTEM | Xuân | TNU Journal of Science and Technology

About this article

Received: 27/08/19 | Revised: 22/09/19 | Published: 03/10/19

Authors

1. Nguyen Van Xuan, Faculty of Control Engineering – Military Technical Academy
2. Vu Duc Truong, Faculty of Control Engineering – Military Technical Academy
3. Nguyen Manh Hung, Faculty of Control Engineering – Military Technical Academy
4. Nguyen Tang Cuong, Faculty of Control Engineering – Military Technical Academy

Abstract


In this paper, we present an IDA-SCADA model based on a Support Vector Machine (SVM) that is capable of detecting intrusions into SCADA systems with high accuracy. What distinguishes our method is the use of contextual training data: the original dataset was reorganized to create context before the SVM training phase. As a result, the proposed system is able to identify attacks or normal patterns with precision from 95.02% to 99.03%.

Keywords


Intrusion detection system, Machine Learning, IDS, SVM, SCADA.
