TY - JOUR
T1 - A taxonomy of supervised learning for IDSs in SCADA environments
AU - Suaboot, Jakapan
AU - Fahad, Adil
AU - Tari, Zahir
AU - Grundy, John
AU - Mahmood, Abdun Naser
AU - Almalawi, Abdulmohsen
AU - Zomaya, Albert Y.
AU - Drira, Khalil
PY - 2020/4
Y1 - 2020/4
N2 - Supervisory Control and Data Acquisition (SCADA) systems play an important role in monitoring industrial processes such as electric power distribution, transport systems, water distribution, and wastewater collection systems. Such systems require particular attention with regard to security aspects, as they deal with critical infrastructures that are crucial to organizations and countries. Protecting SCADA systems from intrusion is a very challenging task because they not only inherit traditional IT security threats but also include additional vulnerabilities related to field components (e.g., cyber-physical attacks). Many of the existing intrusion detection techniques rely on supervised learning that consists of algorithms that are first trained with reference inputs to learn specific information, and then tested on unseen inputs for classification purposes. This article surveys supervised learning from a specific security angle, namely SCADA-based intrusion detection. Based on a systematic review process, existing literature is categorized and evaluated according to SCADA-specific requirements. Additionally, this survey reports on well-known SCADA datasets and testbeds used with machine learning methods. Finally, we present key challenges and our recommendations for using specific supervised methods for SCADA systems.
KW - machine learning
KW - network intrusion
KW - SCADA security
KW - supervised learning
UR - http://www.scopus.com/inward/record.url?scp=85087912582&partnerID=8YFLogxK
U2 - 10.1145/3379499
DO - 10.1145/3379499
M3 - Article
AN - SCOPUS:85087912582
SN - 0360-0300
VL - 53
JO - ACM Computing Surveys
JF - ACM Computing Surveys
IS - 2
M1 - 3379499
ER -