Intrusion Detection System Design and Performance Evaluation for SCADA Networks

Bibliographic Details
Main Author: Khan, Ahsan Al Zaki
Language: English
Published: University of Toledo / OhioLINK, 2019
Subjects: Computer Science; Computer Engineering; Artificial Intelligence
Online Access: http://rave.ohiolink.edu/etdc/view?acc_num=toledo1575950415516331
Record identifier: ndltd-OhioLink-oai-etd.ohiolink.edu-toledo1575950415516331 (NDLTD collection, oai_dc record format)
Abstract

This thesis entails a research project to assess and evaluate the performance of various Machine Learning classifier designs for misuse intrusion detection for industrial SCADA networks. As an industrial representative case, the dataset for a gas pipeline setup in Mississippi State University's SCADA Laboratory is employed for the research study. The dataset consists of three attack groups which entail seven different attack classes or categories for the laboratory prototype of a gas pipeline SCADA network. The same dataset further provides signatures of 35 different types of sub-attacks which are related to those seven attack classes. A number of feature extraction and multi-stage classifier designs leveraging binary and multiple classes are utilized to determine the best performing combination of feature set and classifier design. The overall study is presented in multiple sections, each of which discusses a unique approach to preprocessing, feature extraction, dataset utilization for training and testing, and classifier selection and design.

The first study entailed the design of two types of classifiers for each of the three attack groups, namely Response, Command, and Function. One type of classifier was binary: it considered records belonging to normal operation versus an attack group. Its decision was that the record being classified either indicated normal operation or pointed at an attack belonging to that group. The second classifier type considered normal records and specific attack labels for each group of attacks, and hence performed multi-category classification. Overall, six different types of classifiers were developed: one binary and one multi-category for each of the three attack groups. Only one type of Machine Learning algorithm from the set including naive Bayes, PART and Random Forest implementations in the Weka toolset was employed for each of the six types, resulting in eighteen different classification cases. The Random Forest classifier performed consistently at a higher level compared to the other two for nearly all cases. We then compared with two literature studies which used the same dataset and had their results published with the performance metrics we used. Our classifier designs outperformed in all cases.

The second study entailed the design of a three-stage machine learning classifier as a misuse intrusion detection system to detect specifically each of the 35 attack subclasses. The first stage of the classifier identified if a record belonged to normal operation or an attack signature. If the record was found to belong to an attack signature, then in the second stage a multi-category design analyzed the attack to classify it into one of the seven attack classes. Based on the attack class determined by the output of the second-stage classifier, the attack record was provided to a third-stage sub-attack classification, where seven different classifiers were employed. The output of the third-stage classifier identified the sub-attack type to which the record belonged. Performance of the multi-stage 35-attack sub-class classifier was compared to a single-stage 35-attack sub-class classifier. The multi-stage classifier outperformed the single-stage classifier. Further comparison with compatible studies in the literature also indicated that the multi-stage classifier performed notably better. Simulation results of the overall study indicate that designs exploring specialization to domains or executing the classification in multiple stages are promising for problems where the features, collectively, may not have the needed discriminatory power to identify a specific class in the presence of tens of classes.

Access: unrestricted. This thesis or dissertation is protected by copyright: all rights reserved. It may not be copied or redistributed beyond the terms of applicable copyright laws.