A novel intrusion detection method based on OCSVM and K-means recursive clustering

Maglaras, Leandros A. and Jiang, Jianmin (2015) A novel intrusion detection method based on OCSVM and K-means recursive clustering. EAI Endorsed Transactions on Security and Safety, 2 (3). e5. ISSN 2032-9393

[thumbnail of sesa.2.3.e5.pdf]
Available under License Creative Commons Attribution No Derivatives.

Download (1MB) | Preview


In this paper we present an intrusion detection module capable of detecting malicious network traffic in a SCADA (Supervisory Control and Data Acquisition) system, based on the combination of One-Class Support Vector Machine (OCSVM) with RBF kernel and recursive k-means clustering. Important parameters of OCSVM, such as Gaussian width o and parameter v affect the performance of the classifier. Tuning of these parameters is of great importance in order to avoid false positives and over fitting. The combination of OCSVM with recursive k- means clustering leads the proposed intrusion detection module to distinguish real alarms from possible attacks regardless of the values of parameters o and v, making it ideal for real-time intrusion detection mechanisms for SCADA systems. Extensive simulations have been conducted with datasets extracted from small and medium sized HTB SCADA testbeds, in order to compare the accuracy, false alarm rate and execution time against the base line OCSVM method.

Item Type: Article
Uncontrolled Keywords: Cyber security, SCADA systems, support vector machine, machine learning
Subjects: H Social Sciences > H Social Sciences (General)
Q Science > QA Mathematics > QA75 Electronic computers. Computer science
QA75 Electronic computers. Computer science
Depositing User: EAI Editor IV
Date Deposited: 26 Mar 2021 13:50
Last Modified: 26 Mar 2021 13:50
URI: https://eprints.eudl.eu/id/eprint/2028

Actions (login required)

View Item
View Item