SCADA security : machine learning concepts for intrusion detection and prevention (2020)
- Record Type:
- Book
- Title:
- SCADA security : machine learning concepts for intrusion detection and prevention (2020)
- Main Title:
- SCADA security : machine learning concepts for intrusion detection and prevention
- Further Information:
- Note: Abdulmohsen Almalawi, Zahir Tari, Adil Fahad, Xun Yi.
- Authors:
- Almalawi, Abdulmohsen
Tari, Zahir
Fahad, Adil
(College teacher), Yi, Xun
- Contents:
- Foreword Preface Acknowledgments Acronyms Introduction
1 Motivation 1.1 Overview 1.2 Existing solutions 1.3 Significant research problems 1.4 Book focus 1.5 Book organisation
2 Background 2.1 SCADA systems 2.1.1 Main components 2.1.2 Architecture 2.1.3 Protocols 2.2 Intrusion Detection System (IDS) 2.2.1 SCADA network-based 2.2.2 SCADA application-based 2.3 IDS approaches
3 SCADA-based Security Testbed 3.1 Motivation 3.2 Guidelines to building a SCADA Security Testbed 3.3 SCADAVT Details 3.3.1 The communication infrastructure 3.3.2 Computer-based SCADA components 3.3.3 SCADA protocols' implementation 3.3.4 Linking internal/external world components 3.3.5 Simulation of a controlled environment 3.4 SCADAVT Application 3.4.1 The SCADAVT setup 3.4.2 The water distribution system setup 3.4.3 SCADA system setup for WDS 3.4.4 Configuration steps 3.5 Attack Scenarios 3.5.1 Denial of Service (DoS) Attacks 3.5.2 Integrity Attacks 3.6 Conclusion 3.7 Appendix for this Chapter 3.7.1 Modbus registers mapping 3.7.2 The configuration of IOModuleGate
4 Efficient k-Nearest Neighbour Approach based on Various-Widths Clustering 4.1 Introduction 4.2 Related Work 4.3 The kNNVWC Approach 4.3.1 FWC Algorithm and Its Limitations 4.3.2 Various-Widths Clustering: Partitioning process; Merging process; Parameters 4.3.3 The k-NN Search 4.4 Experimental Evaluation 4.4.1 Data sets 4.4.2 Performance Metrics: Reduction Rate of Distance Computations; Reduction Rate of Computation Time 4.4.3 Impact of Cluster Size 4.4.4 Baseline Methods: KD-tree; Ball tree; Cover tree; FWC 4.4.5 Distance Metric 4.4.6 Complexity Metrics: Search Time; Construction Time 4.5 Conclusion
5 SCADA Data-Driven Anomaly Detection 5.1 Introduction 5.2 SDAD Approach 5.2.1 Observation State of SCADA Points 5.2.2 Separation of Inconsistent Observations: Inconsistency scoring; The Separation Threshold 5.2.3 Extracting Proximity-Detection Rules 5.2.4 Inconsistency Detection 5.3 Experimental Setup 5.3.1 System Setup 5.3.2 WDS Scenario 5.3.3 Attack scenario 5.3.4 Data sets: Simulated Data Sets; Real Data Sets 5.3.5 Normalization 5.4 Results and Analysis 5.4.1 Accuracy metrics 5.4.2 Separation Accuracy of Inconsistent observations 5.4.3 Detection Accuracy: k-means algorithm; SDAD Evaluation 5.5 SDAD Limitations 5.6 Conclusion
6 A Global Anomaly Threshold to Unsupervised Detection 6.1 Introduction 6.2 Related Work 6.3 GATUD Approach 6.3.1 Learning of Most-Representative Data Sets: Step 1: Anomaly Scoring; Step 2: Selection of Candidate Sets 6.3.2 Decision-Making Model: Illustrative Example 6.4 Experimental Setup 6.4.1 Choice of Parameters 6.4.2 The Candidate Classifiers 6.5 Results and Discussion 6.5.1 Integrating GATUD into SDAD: Results of the separation process with/without GATUD; Results of proximity detection rules with/without GATUD 6.5.2 Integrating GATUD into clustering-based method 6.6 Conclusion
7 Conclusion 7.1 Summary: A framework for SCADA security testbed (SCADAVT); An efficient search for k-NN in large and high dimensional data; Clustering-based proximity rules for SCADA anomaly detection; Towards global anomaly threshold to unsupervised detection 7.2 Future Work
Bibliography … (more)
- Edition:
- 1st
- Publisher Details:
- Hoboken : John Wiley & Sons, Inc
- Publication Date:
- 2020
- Extent:
- 1 online resource
- Subjects:
- 629.895583
Supervisory control systems
Automatic control -- Security measures
Intrusion detection systems (Computer security)
Machine learning
- Languages:
- English
- ISBNs:
- 9781119606352
- Related ISBNs:
- 9781119606079
- Notes:
- Note: Description based on CIP data; resource not viewed.
- Access Rights:
- Legal Deposit; Only available on premises controlled by the deposit library and to one user at any one time; The Legal Deposit Libraries (Non-Print Works) Regulations (UK).
- Access Usage:
- Restricted: Printing from this resource is governed by The Legal Deposit Libraries (Non-Print Works) Regulations (UK) and UK copyright law currently in force.
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library HMNTS - ELD.DS.578850
- Ingest File:
- 03_220.xml