Anomaly Detection via One Class SVM for Protection of SCADA Systems

Funded by European Framework-7 (FP7), the CockpicCI project aims at developing intelligent risk detection, analysis and protection techniques for Critical Infrastructures (CI). In this paper, we describes our recent research on automated anomaly detection from central Supervisory Control and Data Acquisition (SCADA) systems and their related commands/measurements in the SCADA-field equipment communications. The work exploits the concept of one-class SVM (Support Vector Machines) and adaptively controls its decision parameter to detect unusual patterns from inputs and generate alarms for on-site engineers to further investigate. Experiments on simulation data sets from telecommunication networks illustrate that the proposed algorithm achieves high detection rates, providing excellent potential for further research and development towards practical tools for protection of SCADA systems.