On Using Physical Based Intrusion Detection in SCADA Systems

Intrusion detection in SCADA systems has received increased attention from researchers as connectivity to public networks became a necessity in many industries. The nature and characteristics of SCADA systems call for special considerations and techniques of intrusion detection. Many works have been made in this field, ranging from generic intrusion detection techniques to customized solutions designed specifically for SCADA systems. In the recent years, some works have focused on using physical metrics in addition to the popular network-based and host-based intrusion detection approaches. This paper presents a taxonomy that considers the special features of cyberphysical intrusion detection systems (IDSs) with examples from the literature. Moreover, a case study is presented for a simulated gas pipeline dataset to compare the effectiveness of decision tree classifiers for various categories of features in SCADA systems. The results show that an IDS that uses a combination of physical and network metrics significantly outperforms an IDS that only uses network metrics or physical metrics. (C) 2020 The Authors. Published by Elsevier B.V.