Time series processing-based malicious activity detection in SCADA systems

Michael Zaslavski; Meir Kalech

doi:10.1016/j.iot.2024.101355

Time series processing-based malicious activity detection in SCADA systems

Michael Zaslavski, Meir Kalech

Ben-Gurion University of the Negev

Research output: Contribution to journal › Article › peer-review

Abstract

Many critical infrastructures, essential to modern life, such as oil and gas pipeline control and electricity distribution, are managed by SCADA systems. In the contemporary landscape, these systems are interconnected to the internet, rendering them vulnerable to numerous cyber-attacks. Consequently, ensuring SCADA security has become a crucial area of research. This paper focuses on detecting attacks that manipulate the timing of commands within the system, while maintaining their original order and content. To address this challenge, we propose several machine-learning-based methods. The first approach relies on Long-Short-Term Memory model, and the second utilizes Hierarchical Temporal Memory model, both renowned for their effectiveness in detecting patterns in time-series data. We rigorously evaluate our methods using a real-life SCADA system dataset and show that they outperform previous techniques designed to combat such attacks.

Original language	English
Article number	101355
Journal	Internet of Things (Netherlands)
Volume	28
DOIs	https://doi.org/10.1016/j.iot.2024.101355
State	Published - Dec 2024
Externally published	Yes

Bibliographical note

Publisher Copyright:
© 2024 Elsevier B.V.

Keywords

Anomaly detection
Intrusion detection
SCADA
Time-series

Access to Document

10.1016/j.iot.2024.101355

Cite this

@article{537b4198d55a433ea31b19a708a781f5,

title = "Time series processing-based malicious activity detection in SCADA systems",

abstract = "Many critical infrastructures, essential to modern life, such as oil and gas pipeline control and electricity distribution, are managed by SCADA systems. In the contemporary landscape, these systems are interconnected to the internet, rendering them vulnerable to numerous cyber-attacks. Consequently, ensuring SCADA security has become a crucial area of research. This paper focuses on detecting attacks that manipulate the timing of commands within the system, while maintaining their original order and content. To address this challenge, we propose several machine-learning-based methods. The first approach relies on Long-Short-Term Memory model, and the second utilizes Hierarchical Temporal Memory model, both renowned for their effectiveness in detecting patterns in time-series data. We rigorously evaluate our methods using a real-life SCADA system dataset and show that they outperform previous techniques designed to combat such attacks.",

keywords = "Anomaly detection, Intrusion detection, SCADA, Time-series",

author = "Michael Zaslavski and Meir Kalech",

note = "Publisher Copyright: {\textcopyright} 2024 Elsevier B.V.",

year = "2024",

month = dec,

doi = "10.1016/j.iot.2024.101355",

language = "אנגלית",

volume = "28",

journal = "Internet of Things (Netherlands)",

issn = "2542-6605",

publisher = "Elsevier B.V.",

}

TY - JOUR

T1 - Time series processing-based malicious activity detection in SCADA systems

AU - Zaslavski, Michael

AU - Kalech, Meir

PY - 2024/12

Y1 - 2024/12

N2 - Many critical infrastructures, essential to modern life, such as oil and gas pipeline control and electricity distribution, are managed by SCADA systems. In the contemporary landscape, these systems are interconnected to the internet, rendering them vulnerable to numerous cyber-attacks. Consequently, ensuring SCADA security has become a crucial area of research. This paper focuses on detecting attacks that manipulate the timing of commands within the system, while maintaining their original order and content. To address this challenge, we propose several machine-learning-based methods. The first approach relies on Long-Short-Term Memory model, and the second utilizes Hierarchical Temporal Memory model, both renowned for their effectiveness in detecting patterns in time-series data. We rigorously evaluate our methods using a real-life SCADA system dataset and show that they outperform previous techniques designed to combat such attacks.

AB - Many critical infrastructures, essential to modern life, such as oil and gas pipeline control and electricity distribution, are managed by SCADA systems. In the contemporary landscape, these systems are interconnected to the internet, rendering them vulnerable to numerous cyber-attacks. Consequently, ensuring SCADA security has become a crucial area of research. This paper focuses on detecting attacks that manipulate the timing of commands within the system, while maintaining their original order and content. To address this challenge, we propose several machine-learning-based methods. The first approach relies on Long-Short-Term Memory model, and the second utilizes Hierarchical Temporal Memory model, both renowned for their effectiveness in detecting patterns in time-series data. We rigorously evaluate our methods using a real-life SCADA system dataset and show that they outperform previous techniques designed to combat such attacks.

KW - Anomaly detection

KW - Intrusion detection

KW - SCADA

KW - Time-series

UR - http://www.scopus.com/inward/record.url?scp=85203124291&partnerID=8YFLogxK

U2 - 10.1016/j.iot.2024.101355

DO - 10.1016/j.iot.2024.101355

M3 - ???researchoutput.researchoutputtypes.contributiontojournal.article???

AN - SCOPUS:85203124291

SN - 2542-6605

VL - 28

JO - Internet of Things (Netherlands)

JF - Internet of Things (Netherlands)

M1 - 101355

ER -

Time series processing-based malicious activity detection in SCADA systems

Abstract

Bibliographical note

Keywords

Access to Document

Other files and links

Fingerprint

Cite this