# Improving SIEM for Critical SCADA Water Infrastructures Using Machine Learning

**Authors:** Hanan Hindy, David Brosset, Ethan Bayne, Amar Seeam, Xavier Bellekens

arXiv: 1904.05724 · 2019-04-12

## TL;DR

This paper presents a machine learning-based anomaly detection model for a SCADA-controlled water system that classifies anomalies as cyber-attacks (e.g. DoS, spoofing), sabotage or internal failures (e.g. sensor failures), and reports each alert to the operator together with the probability of the event, so that the correct mitigation can start sooner.

## Contribution

The work introduces an anomaly detection approach for SCADA water systems, built and evaluated with six machine learning techniques, that notifies the operator with a probability for the detected event rather than a bare alarm, improving decision-making and response efficiency.

## Key findings

- Detects hardware failures (e.g. sensor failures), sabotage and cyber-attacks (e.g. DoS and spoofing)
- Each alert carries the probability of the detected anomaly event
- Model trained and tested on a real-world dataset

## Abstract

Network Control Systems (NAC) have been used in many industrial processes. They aim to reduce the human factor burden and efficiently handle the complex process and communication of those systems. Supervisory control and data acquisition (SCADA) systems are used in industrial, infrastructure and facility processes (e.g. manufacturing, fabrication, oil and water pipelines, building ventilation, etc.). Like other Internet of Things (IoT) implementations, SCADA systems are vulnerable to cyber-attacks; therefore, robust anomaly detection is a major requirement. However, having an accurate anomaly detection system is not an easy task, due to the difficulty of differentiating between cyber-attacks and system internal failures (e.g. hardware failures). In this paper, we present a model that detects anomaly events in a water system controlled by SCADA. Six machine learning techniques have been used in building and evaluating the model. The model classifies different anomaly events including hardware failures (e.g. sensor failures), sabotage and cyber-attacks (e.g. DoS and spoofing). Unlike other detection systems, our proposed work focuses on notifying the operator when an anomaly occurs, with a probability of the event occurring. This additional information helps in accelerating the mitigation process. The model is trained and tested using a real-world dataset.
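The abstract's central idea is a multi-class classifier whose output is not just a label but the posterior probability of each anomaly class, so the operator's notification carries a confidence. The following is an added example, not code from the paper or its authors: a from-scratch Gaussian naive Bayes classifier (one possible technique; the paper does not disclose which of its six it uses for this) trained on constructed telemetry windows. The feature names, the four event classes and the numeric profiles in `PROFILES` are hypothetical and are not taken from the paper's dataset.

```python
"""Probabilistic anomaly classification for SCADA water telemetry.

Added illustration, not the paper's code. Each telemetry window is
classified into normal / sensor_failure / dos / spoofing and the alert
returned to the operator carries the posterior probability of the event.
"""
import math
import random

# Constructed (mean, std) profiles per event class; hypothetical values.
# Feature order: tank level [%], pump flow [L/min], Modbus/TCP packets/s at the PLC.
PROFILES = {
    "normal":         [(50.0, 5.0), (100.0, 5.0), (10.0, 2.0)],
    "sensor_failure": [(0.0, 1.0),  (100.0, 5.0), (10.0, 2.0)],    # level sensor reads ~0 while the pump runs
    "dos":            [(50.0, 5.0), (100.0, 5.0), (500.0, 50.0)],  # request flood towards the PLC
    "spoofing":       [(95.0, 3.0), (100.0, 5.0), (12.0, 2.0)],    # injected, implausibly high level reading
}
FEATURES = ["tank_level_pct", "pump_flow_lpm", "modbus_pps"]


def make_dataset(n_per_class=60, seed=7):
    """Draw constructed training windows from PROFILES; returns (X, y)."""
    rng = random.Random(seed)
    X, y = [], []
    for label, dims in PROFILES.items():
        for _ in range(n_per_class):
            X.append([rng.gauss(mu, sd) for mu, sd in dims])
            y.append(label)
    return X, y


class GaussianNB:
    """Multi-class Gaussian naive Bayes with per-feature variance smoothing."""

    def __init__(self, var_smoothing=1e-6):
        self.var_smoothing = var_smoothing
        self.classes, self.log_prior, self.mean, self.var = [], {}, {}, {}

    def fit(self, X, y):
        self.classes = sorted(set(y))
        n_features = len(X[0])
        for c in self.classes:
            rows = [x for x, lbl in zip(X, y) if lbl == c]
            self.log_prior[c] = math.log(len(rows) / len(X))
            mu = [sum(r[j] for r in rows) / len(rows) for j in range(n_features)]
            # smoothing keeps a stuck (constant) sensor from producing a zero variance
            var = [sum((r[j] - mu[j]) ** 2 for r in rows) / len(rows) + self.var_smoothing
                   for j in range(n_features)]
            self.mean[c], self.var[c] = mu, var
        return self

    def _log_joint(self, x, c):
        """log P(c) + sum_j log N(x_j; mean_cj, var_cj)."""
        ll = self.log_prior[c]
        for xj, mu, var in zip(x, self.mean[c], self.var[c]):
            ll += -0.5 * math.log(2 * math.pi * var) - (xj - mu) ** 2 / (2 * var)
        return ll

    def predict_proba(self, x):
        """Posterior P(class | x) for every class, normalised with log-sum-exp."""
        log_joint = {c: self._log_joint(x, c) for c in self.classes}
        m = max(log_joint.values())
        log_norm = m + math.log(sum(math.exp(v - m) for v in log_joint.values()))
        return {c: math.exp(v - log_norm) for c, v in log_joint.items()}


def alert(model, window):
    """Operator notification for one telemetry window.

    Returns None when the most probable class is 'normal'; otherwise the
    event, its posterior probability and the full distribution, so that a
    low-confidence alert can be triaged differently from a confident one.
    """
    probs = model.predict_proba(window)
    event, p = max(probs.items(), key=lambda kv: kv[1])
    if event == "normal":
        return None
    return {"event": event, "probability": round(p, 4), "distribution": probs}


if __name__ == "__main__":
    X, y = make_dataset()
    model = GaussianNB().fit(X, y)
    for window in ([50.0, 100.0, 10.0], [0.3, 101.0, 9.0],
                   [51.0, 98.0, 480.0], [96.0, 100.0, 11.0]):
        print(dict(zip(FEATURES, window)), "->", alert(model, window))
```

The point of `alert` returning the whole distribution rather than only the top label is the paper's operational argument: a window scored 0.55 spoofing / 0.45 sensor_failure should be handled differently from one scored 0.99 DoS, and the SIEM rule that consumes the alert can key on the probability.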

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1904.05724/full.md

## Figures

12 figures with captions in the complete paper: https://tomesphere.com/paper/1904.05724/full.md

## References

27 references — full list in the complete paper: https://tomesphere.com/paper/1904.05724/full.md

---
Source: https://tomesphere.com/paper/1904.05724