INTRUSION DETECTION IN SCADA SYSTEMS USING ONE-CLASS CLASSIFICATION

Supervisory Control and Data Acquisition (SCADA) systems allow remote monitoring and control of critical infrastructures such as electrical power grids, gas pipelines, nuclear power plants, etc. Cyberattacks threatening these infrastructures may cause serious economic losses and may impact the health and safety of the employees and the citizens living in the area. The diversity of cyberattacks and the complexity of the studied systems make modeling cyberattacks very difficult or even impossible. This paper outlines the importance of one-class classification in detecting intrusions in SCADA systems. Two approaches are investigated, the Support Vector Data Description and the Kernel Principal Component Analysis. A case study on a gas pipeline testbed is provided with real data containing many types of cyberattacks.