A Host-based Intrusion Detection Model Based on OS Diversity for SCADA

Title: A Host-based Intrusion Detection Model Based on OS Diversity for SCADA
Publication Type: Conference Paper
Year of Publication: 2020
Authors: Bulle, Bruno B.; Santin, Altair O.; Viegas, Eduardo K.; dos Santos, Roger R.
Conference Name: IECON 2020 The 46th Annual Conference of the IEEE Industrial Electronics Society
Date Published: Oct. 2020
ISBN Number: 978-1-7281-5414-5
Keywords: compositionality, feature extraction, Human Behavior, human factors, Intrusion detection, machine learning, Measurement, OS Diversity, Proposals, pubcrawl, reliability, resilience, Resiliency, SCADA, SCADA System Security, SCADA systems, SCADA Systems Security, security

Supervisory Control and Data Acquisition (SCADA) systems have been a frequent target of cyberattacks in Industrial Control Systems (ICS). As such systems are a frequent target of highly motivated attackers, researchers often resort to intrusion detection through machine learning techniques to detect new kinds of threats. However, current research initiatives, in general, pursue higher detection accuracies, neglecting the detection of new kinds of threats and their proposals' detection scope. This paper proposes a novel, reliable host-based intrusion detection for SCADA systems through Operating System (OS) diversity. Our proposal evaluates, at the OS level, the SCADA communication over time and opportunistically detects and chooses the most appropriate OS to be used in intrusion detection for reliability purposes. Experiments performed through a variety of SCADA OS front-ends show that OS diversity provides higher intrusion detection scope, improving detection accuracy by up to 8 new attack categories. Besides, our proposal can opportunistically detect the most reliable OS that should be used for the current environment behavior, improving by up to 8%, on average, the system accuracy when compared to a single OS approach, in the best case.

Citation Key: bulle_host-based_2020