Evaluation of Machine Learning Algorithms for Detection of Malicious Traffic in SCADA Network

Industrial Process Control Systems (IPCS) like Supervisory Control and Data Acquisition (SCADA) systems are more vulnerable to cyber-attacks. Detection of malicious traffic in IPCS-SCADA network using machine learning techniques is one of the security enhancement methods of Industrial Process Control Systems. The existing network intrusion detection methods used limited old data sets and little addressed for IPCS-SCADA specific network. In this paper we evaluated machine learning algorithms with and with out filtering and sampling techniques for intrusion detection in IPCS-SCADA network. In this work, we generated own data set with network traffic contains both normal and attack data using a real time SCADA test bed. Next we applied feature extraction techniques Chi-Square, ANOVA and Least Absolute Shrinkage and Selection Operator (LASSO) to reduce the feature set dimensionality. We applied SVM variant Synthetic Minority Oversampling Technique (SVMSMOTE) for handling this imbalance data set. After that we used four Machine Learning (ML) algorithms like Random Forest (RF), Support Vector Machine (SVM), K-nearest neighbors (KNN) and Naive Bayes (NB) and calculated various performance metrics like Accuracy, Matthews correlation coefficient (MCC), recall, F1-score, FNR and ROC. We evaluated the performance of these ML algorithms with (a) ML techniques only (b) ML techniques with feature selection methods (c) ML techniques with SVMSMOTE only (d) ML techniques with both feature selection methods and SVMSMOTE. We concluded from the results that SVM algorithm with filtering and SVMSMOTE technique outperforms compared to other three machine learning algorithms, with ROC  value of 99.96%.