OSCIDS: An Ontology based SCADA Intrusion Detection Framework

Balushi, Abdullah Al; McLaughlin, Kieran; Sezer, Sakir

doi:10.5220/0005969803270335

Cited by 4 publications

(3 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Timeliness analysis is available in 11 studies, as indicated in Table 7. Among the results concerning packet as a unit of analysis, deep packet inspection applied in [51] outperforms other techniques [41], [43], [46] at least for an order of magnitude. In the cases where dataset instance is observed as a unit of analysis, deep learning method presented in [63] performs much worse than clustering and outlier detection [60] and hybrid method presented in [61].…”

Section: ) Timelinessmentioning

confidence: 98%

“…Expert systems were considered in [41], [55] and [58]. The system proposed in [41] uses ontology for extraction of semantic relations between attacks and detection of intrusions. Ontology is used to define the logical relationships between packet and attack instances, cyber attacks and the Modbus TCP communications.…”

Section: Knowledge-based Techniquesmentioning

confidence: 99%

“…Statistical-based techniques provide high accuracy, with low FPR and FNR rates [40], [47], [57]. Similarly, knowledge-based techniques provide good overall accuracy [41], [55], [58].…”

Section: ) Detection Accuracymentioning

confidence: 99%

See 2 more Smart Citations

A Review of Research Work on Network-Based SCADA Intrusion Detection Systems

2020

View full text Add to dashboard Cite

Specific intrusion detection systems (IDSs) are needed to secure modern supervisory control and data acquisition (SCADA) systems due to their architecture, stringent real-time requirements, network traffic features and specific application layer protocols. This article aims to contribute to assess the state-ofthe-art, identify the open issues and provide an insight for future study areas. To achieve these objectives, we start from the factors that impact the design of dedicated intrusion detection systems in SCADA networks and focus on network-based IDS solutions. We propose a structured evaluation methodology that encompasses detection techniques, protected protocols, implementation tools, test environments and IDS performance. Special attention is focused on assessing implementation maturity as well as the applicability of each surveyed solution in the Future Internet environment. Based on that, we provide a brief description and evaluation of 26 selected research papers, published in the period 2015-2019. Results of our analysis indicate considerable progress regarding the development of machine learning-based detection methods, implementation platforms, and to some extent, sophisticated testbeds. We also identify research gaps and conclude the analysis with a list of the most important directions for further research.

show abstract