An HMM-Based Anomaly Detection Approach for SCADA Systems

Abstract: We describe the architecture of an anomaly detection system based on the Hidden Markov Model (HMM) for intrusion detection in Industrial Control Systems (ICS), especially in SCADA systems interconnected using TCP/IP. The proposed system exploits the unique characteristics of ICS networks and protocols to efficiently detect multiple attack vectors. We evaluate the proposed system in terms of detection accuracy using, as a reference, datasets made available by other researchers. These datasets refer to real industrial networks and contain a variety of identified attack vectors. We benchmark our findings against a large set of machine learning algorithms and demonstrate that our proposal exhibits superior performance characteristics.
Document type:
Conference paper
Sara Foresti; Javier Lopez. 10th IFIP International Conference on Information Security Theory and Practice (WISTP), Sep 2016, Heraklion, Greece. Springer International Publishing, Lecture Notes in Computer Science, LNCS-9895, pp.85-99, 2016, Information Security Theory and Practice. 〈10.1007/978-3-319-45931-8_6〉

Cited literature [21 references]

https://hal.inria.fr/hal-01639609
Contributor: Hal Ifip
Submitted on: Monday, November 20, 2017 - 14:53:55
Last modified on: Monday, November 20, 2017 - 14:56:07
Document(s) archived on: Wednesday, February 21, 2018 - 14:55:57

File

Restricted access
File visible on: 2019-01-01


License

Distributed under a Creative Commons Attribution 4.0 International License

Citation

Kyriakos Stefanidis, Artemios Voyiatzis. An HMM-Based Anomaly Detection Approach for SCADA Systems. Sara Foresti; Javier Lopez. 10th IFIP International Conference on Information Security Theory and Practice (WISTP), Sep 2016, Heraklion, Greece. Springer International Publishing, Lecture Notes in Computer Science, LNCS-9895, pp.85-99, 2016, Information Security Theory and Practice. 〈10.1007/978-3-319-45931-8_6〉. 〈hal-01639609〉

Metrics

Record views

107