Integrated OCSVM mechanism for intrusion detection in SCADA systems

Intrusion detection in real-time systems is a problem without a profound solution. In supervisory control and data acquisition (SCADA) systems the absence of a defence mechanism that can cope with different types of intrusions is of great importance. False positive alarms or mistakes regarding the origin of the intrusion mean severe costs for the system. An integrated one-class support vector machine (OCSVM) mechanism that is distributed in a SCADA network is presented, as a part of an intrusion detection system, providing accurate information about the origin and the time of an intrusion. The module reads the network traffic, splits traffic according to the source of the packets and creates a cluster of OCSVM models. These trained models run in parallel and can accurately and fast recognise different types of attacks.