Add-on anomaly threshold technique for improving unsupervised intrusion detection on SCADA data

Supervisory control and data acquisition (SCADA) systems monitor and supervise our daily infrastructure systems and industrial processes. Hence, the security of the information systems of critical infrastructures cannot be overstated. The effectiveness of unsupervised anomaly detection approaches is...

Bibliographic Details
Main Authors: Almalawi, A., Fahad, A., Tari, Z., Khan, A.I., Alzahrani, N., Bakhsh, S.T., Alassafi, M.O., Alshdadi, A., Qaiyum, S.
Format: Article
Published: MDPI AG 2020
Online Access: https://www.scopus.com/inward/record.uri?eid=2-s2.0-85086671739&doi=10.3390%2felectronics9061017&partnerID=40&md5=43974677e7dfc31730cf9391daef7321
http://eprints.utp.edu.my/23412/
id my.utp.eprints.23412
record_format eprints
spelling my.utp.eprints.23412 2021-08-19T07:22:21Z Add-on anomaly threshold technique for improving unsupervised intrusion detection on SCADA data Almalawi, A. Fahad, A. Tari, Z. Khan, A.I. Alzahrani, N. Bakhsh, S.T. Alassafi, M.O. Alshdadi, A. Qaiyum, S. Supervisory control and data acquisition (SCADA) systems monitor and supervise our daily infrastructure systems and industrial processes. Hence, the security of the information systems of critical infrastructures cannot be overstated. The effectiveness of unsupervised anomaly detection approaches is sensitive to parameter choices, especially when the boundaries between normal and abnormal behaviours are not clearly distinguishable. Therefore, the current approach in detecting anomaly for SCADA is based on the assumptions by which anomalies are defined; these assumptions are controlled by a parameter choice. This paper proposes an add-on anomaly threshold technique to identify the observations whose anomaly scores are extreme and significantly deviate from others, and then such observations are assumed to be "abnormal". The observations whose anomaly scores are significantly distant from "abnormal" ones will be assumed as "normal". Then, the ensemble-based supervised learning is proposed to find a global and efficient anomaly threshold using the information of both "normal"/"abnormal" behaviours. The proposed technique can be used for any unsupervised anomaly detection approach to mitigate the sensitivity of such parameters and improve the performance of the SCADA unsupervised anomaly detection approaches. Experimental results confirm that the proposed technique achieved a significant improvement compared to the state-of-the-art of two unsupervised anomaly detection algorithms. © 2020 by the authors. Licensee MDPI, Basel, Switzerland.
MDPI AG 2020 Article NonPeerReviewed https://www.scopus.com/inward/record.uri?eid=2-s2.0-85086671739&doi=10.3390%2felectronics9061017&partnerID=40&md5=43974677e7dfc31730cf9391daef7321 Almalawi, A. and Fahad, A. and Tari, Z. and Khan, A.I. and Alzahrani, N. and Bakhsh, S.T. and Alassafi, M.O. and Alshdadi, A. and Qaiyum, S. (2020) Add-on anomaly threshold technique for improving unsupervised intrusion detection on SCADA data. Electronics (Switzerland), 9 (6). pp. 1-20. http://eprints.utp.edu.my/23412/
institution Universiti Teknologi Petronas
building UTP Resource Centre
collection Institutional Repository
continent Asia
country Malaysia
content_provider Universiti Teknologi Petronas
content_source UTP Institutional Repository
url_provider http://eprints.utp.edu.my/
description Supervisory control and data acquisition (SCADA) systems monitor and supervise our daily infrastructure systems and industrial processes. Hence, the security of the information systems of critical infrastructures cannot be overstated. The effectiveness of unsupervised anomaly detection approaches is sensitive to parameter choices, especially when the boundaries between normal and abnormal behaviours are not clearly distinguishable. Therefore, the current approach in detecting anomaly for SCADA is based on the assumptions by which anomalies are defined; these assumptions are controlled by a parameter choice. This paper proposes an add-on anomaly threshold technique to identify the observations whose anomaly scores are extreme and significantly deviate from others, and then such observations are assumed to be "abnormal". The observations whose anomaly scores are significantly distant from "abnormal" ones will be assumed as "normal". Then, the ensemble-based supervised learning is proposed to find a global and efficient anomaly threshold using the information of both "normal"/"abnormal" behaviours. The proposed technique can be used for any unsupervised anomaly detection approach to mitigate the sensitivity of such parameters and improve the performance of the SCADA unsupervised anomaly detection approaches. Experimental results confirm that the proposed technique achieved a significant improvement compared to the state-of-the-art of two unsupervised anomaly detection algorithms. © 2020 by the authors. Licensee MDPI, Basel, Switzerland.
format Article
author Almalawi, A.
Fahad, A.
Tari, Z.
Khan, A.I.
Alzahrani, N.
Bakhsh, S.T.
Alassafi, M.O.
Alshdadi, A.
Qaiyum, S.
author_sort Almalawi, A.
title Add-on anomaly threshold technique for improving unsupervised intrusion detection on SCADA data
publisher MDPI AG
publishDate 2020
url https://www.scopus.com/inward/record.uri?eid=2-s2.0-85086671739&doi=10.3390%2felectronics9061017&partnerID=40&md5=43974677e7dfc31730cf9391daef7321
http://eprints.utp.edu.my/23412/