A One-Class NIDS for SDN-Based SCADA Systems

Power systems are undergoing an intense process of modernization, and becoming highly dependent on networked systems used to monitor and manage system components. These so-called Smart Grids comprise energy generation, transmission, and distribution subsystems, which are monitored and managed by Supervisory Control and Data Acquisition (SCADA) systems. In this paper, we discuss the benefits of using Software-Defined Networking (SDN) to assist in the deployment of next generation SCADA systems. We also present a specific Network-Based Intrusion Detection System (NIDS) for SDN-based SCADA systems, which uses SDN to capture network information and is responsible for monitoring the communication between power grid components. Our approach relies on SDN to periodically gather statistics from network devices, which are then processed by One-Class Classification (OCC) algorithms. Given that attack traces in SCADA networks are scarce and not publicly disclosed by utility companies, the main advantage of using OCC algorithms is that they do not depend on known attack signatures to detect possible malicious traffic. Our results indicate that OCC algorithms achieve an approximate accuracy of 98% and can be effectively used to detect cyber-attacks targeted against SCADA systems.