SCADA intrusion detection scheme exploiting the fusion of modified decision tree and Chi-square feature selection

Cited by: 40
Authors
Ahakonye, Love Allen Chijioke [1 ]
Nwakanma, Cosmas Ifeanyi [1 ]
Lee, Jae-Min [1 ]
Kim, Dong-Seong [1 ]
Affiliations
[1] Kumoh Natl Inst Technol, IT Convergence Engn, Gumi, South Korea
Keywords
Anomaly detection; Chi-square; Feature selection; Matthews correlation coefficient; IIoT; ICS; SCADA intrusion detection; MODEL; NETWORKS; SECURITY; ENSEMBLE; SYSTEM
DOI
10.1016/j.iot.2022.100676
Chinese Library Classification number
TP [Automation technology, computer technology]
Discipline classification code
0812
Abstract
The industrial internet of things (IIoT) and supervisory control and data acquisition (SCADA) have experienced ubiquitous growth recently. This growth comes with the challenge of an increased number of unusual attacks constituting threats. The existence and effect of intruders and their innovative attack techniques are rising. Although the existing intrusion detection systems (IDS) safeguard the networks, they have been computationally expensive. In real-time domains, available methods lag, necessitating additional research into effective feature extraction schemes with time exigency. An IDS with a fused feature selection (FS) approach for detecting and classifying attacks in a real-time SCADA network is imperative. It is to enable the resolution of computationally complex vulnerability detection schemes. The proposed technique is in three (3) phases: (a) data preparation, which involves data cleansing and normalization; (b) a fused feature selection approach built to obtain an optimal subset of features using Chi-square; and (c) deployment of the modified decision tree (MDT) for anomaly detection and classification. Lastly, the reliability of the proposed model was validated, demonstrating suitability in precisely detecting abnormalities while minimizing computational time. This improvement enables adaptability for the IDS deployment scheme in a real-time situation, which could be in the control center. The validation results reveal that when the proposed chi-square-based (fused) feature extraction is employed, it performs optimally to other FS techniques and ML classifiers, compared across four (4) publicly available datasets. Cohen's kappa coefficient (CKC) further validates the proposed model's reliability. Further demonstrating the experimental results with recourse to false positive rates (FPR), the Matthews correlation coefficient (MCC) was employed. It also shows the resilience of the proposed model performance on an imbalanced dataset validating its suitability in real scenarios.
Pages: 17