An Evaluation of Machine Learning Methods to Detect Malicious SCADA Communications
- ORNL
Critical infrastructure Supervisory Control and Data Acquisition (SCADA) systems were designed to operate on closed, proprietary networks where a malicious insider posed the greatest threat potential. The centralization of control and the movement towards open systems and standards has improved the efficiency of industrial control, but has also exposed legacy SCADA systems to security threats that they were not designed to mitigate. This work explores the viability of machine learning methods in detecting the new threat scenarios of command and data injection. Similar to network intrusion detection systems in the cyber security domain, the command and control communications in a critical infrastructure setting are monitored, and vetted against examples of benign and malicious command traffic, in order to identify potential attack events. Multiple learning methods are evaluated using a dataset of Remote Terminal Unit communications, which included both normal operations and instances of command and data injection attack scenarios.
- Research Organization:
- Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States)
- Sponsoring Organization:
- USDOE Laboratory Directed Research and Development (LDRD) Program
- DOE Contract Number:
- DE-AC05-00OR22725
- OSTI ID:
- 1111444
- Resource Relation:
- Conference: International Conference on Machine Learning and Applications, Miami, FL, USA, 20131204, 20131207
- Country of Publication:
- United States
- Language:
- English
Similar Records
Architecture and Methods for Substation SCADA Cybersecurity: Best Practices
SCADA Protocol Anomaly Detection Utilizing Compression (SPADUC) 2013