
An HMM-Based Anomaly Detection Approach for SCADA Systems

Abstract : We describe the architecture of an anomaly detection system based on the Hidden Markov Model (HMM) for intrusion detection in Industrial Control Systems (ICS), and especially in SCADA systems interconnected using TCP/IP. The proposed system exploits the unique characteristics of ICS networks and protocols to efficiently detect multiple attack vectors. We evaluate the detection accuracy of the proposed system using reference datasets made available by other researchers. These datasets come from real industrial networks and contain a variety of identified attack vectors. We benchmark our findings against a large set of machine learning algorithms and demonstrate that our proposal exhibits superior performance characteristics.
Document type : Conference papers

Cited literature [19 references]

Contributor : Hal Ifip
Submitted on : Monday, November 20, 2017 - 2:53:55 PM
Last modification on : Monday, November 20, 2017 - 2:56:07 PM
Long-term archiving on : Wednesday, February 21, 2018 - 2:55:57 PM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Kyriakos Stefanidis, Artemios Voyiatzis. An HMM-Based Anomaly Detection Approach for SCADA Systems. 10th IFIP International Conference on Information Security Theory and Practice (WISTP), Sep 2016, Heraklion, Greece. pp.85-99, ⟨10.1007/978-3-319-45931-8_6⟩. ⟨hal-01639609⟩


