Hierarchical Online Intrusion Detection for SCADA Networks

TL;DR

This paper introduces HOIDS, a hierarchical online intrusion detection system for SCADA networks that leverages machine learning to achieve high detection accuracy with minimal network impact, scalability, and efficiency.

Contribution

The paper presents a novel hierarchical architecture for SCADA intrusion detection using machine learning models, combining distributed clients with centralized detection for improved security.

Findings

High detection rate with minimal network impact

Effective use of logistic regression and PCA for attack detection

Scalable and cost-effective security solution for SCADA

Abstract

We propose a novel hierarchical online intrusion detection system (HOIDS) for supervisory control and data acquisition (SCADA) networks based on machine learning algorithms. By utilizing the server-client topology while keeping clients distributed for global protection, high detection rate is achieved with minimum network impact. We implement accurate models of normal-abnormal binary detection and multi-attack identification based on logistic regression and quasi-Newton optimization algorithm using the Broyden-Fletcher-Goldfarb-Shanno approach. The detection system is capable of accelerating detection by information gain based feature selection or principle component analysis based dimension reduction. By evaluating our system using the KDD99 dataset and the industrial control system dataset, we demonstrate that HOIDS is highly scalable, efficient and cost effective for securing SCADA infrastructures.