Journal
ACMSE 2020: PROCEEDINGS OF THE 2020 ACM SOUTHEAST CONFERENCE
Volume -, Issue -, Pages 188-196
Publisher
ASSOC COMPUTING MACHINERY
DOI: 10.1145/3374135.3385282
Keywords
Anomaly Detection; Industrial Control Systems; Machine Learning; Modbus; SCADA
Supervisory Control and Data Acquisition (SCADA) systems have been designed with the assumption that the system would run within a closed environment. They have only generated concerns for security issues that may appear during system deployment, and there are no clear methods to assess security threats when considered. Recent technological and economic trends have driven SCADA systems from serial communication networks to networks based on TCP/IP. This exposes legacy SCADA systems to new security threats they were not designed to defend against. This work examines the viability of machine learning techniques in detecting new security threats specific to SCADA systems and the Modbus protocol. Machine learning-based anomaly detection algorithms were used to detect malicious traffic in a generated dataset of Remote Terminal Unit (RTU) communications using the Modbus protocol. The implemented algorithms are Support Vector Machines, decision trees, k-nearest neighbors, and k-means clustering. While the algorithms performed well overall, Support Vector Machine, Decision Trees, and K-nearest Neighbors algorithms had the best performance with individual attack types. K-means clustering did not perform satisfactorily with specific attack types.