Wang Wu, Harrou Fouzi, Bouyeddou Benamar, Senouci Sidi-Mohammed, Sun Ying
Center for Applied Statistics and School of Statistics, Renmin University of China, Beijing, 100872 China.
CEMSE Division, King Abdullah University of Science and Technology (KAUST), Thuwal, 23955-6900 Saudi Arabia.
Cluster Comput. 2022;25(1):561-578. doi: 10.1007/s10586-021-03426-w. Epub 2021 Oct 5.
Presently, Supervisory Control and Data Acquisition (SCADA) systems are broadly adopted for remote monitoring of large-scale production systems and modern power grids. However, SCADA systems are continuously exposed to various heterogeneous cyberattacks, making detection with conventional intrusion detection systems (IDSs) very challenging. Furthermore, conventional security solutions, such as firewalls and antivirus software, are not appropriate for fully protecting SCADA systems because these systems have distinct specifications. Thus, accurately detecting cyberattacks in critical SCADA systems is indispensable to enhance their resilience, ensure safe operations, and avoid costly maintenance. The overarching goal of this paper is to detect malicious intrusions that have already bypassed traditional IDSs and firewalls. In this paper, a stacked deep learning method is introduced to identify malicious attacks targeting SCADA systems. Specifically, we investigate the feasibility of a deep learning approach for intrusion detection in SCADA systems. Real data sets from two laboratory-scale SCADA systems, a two-line three-bus power transmission system and a gas pipeline, are used to evaluate the proposed method's performance. The results of this investigation show the satisfying detection performance of the proposed stacked deep learning approach. This study also showed that the proposed approach outperformed the standalone deep learning models and the state-of-the-art algorithms, including Nearest neighbor, Random forests, Naive Bayes, Adaboost, Support Vector Machine, and oneR. Besides detecting the malicious attacks, we also investigate the feature importance of the cyberattack detection process using the Random Forest procedure, which helps design more parsimonious models.