Wiley Series On Parallel and Distributed Computing
Series Editor: Albert Y. Zomaya
A complete list of titles in this series appears at the end of this volume.
SCADA SECURITY: MACHINE LEARNING CONCEPTS FOR INTRUSION DETECTION AND PREVENTION
SCADA-BASED IDs SECURITY
Abdulmohsen Almalawi
King Abdulaziz University
Zahir Tari
RMIT University
Adil Fahad
Al Baha University
Xun Yi
RMIT University
This edition first published 2021
© 2021 John Wiley & Sons, Inc.
All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, except as permitted by law. Advice on how to obtain permission to reuse material from this title is available at http://www.wiley.com/go/permissions.
The right of Abdulmohsen Almalawi, Zahir Tari, Adil Fahad, Xun Yi to be identified as the authors of this work has been asserted in accordance with law.
Registered Office: John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, USA
Editorial Office: 111 River Street, Hoboken, NJ 07030, USA
For details of our global editorial offices, customer services, and more information about Wiley products visit us at www.wiley.com.
Wiley also publishes its books in a variety of electronic formats and by print-on-demand. Some content that appears in standard print versions of this book may not be available in other formats.
Limit of Liability/Disclaimer of Warranty In view of ongoing research, equipment modifications, changes in governmental regulations, and the constant flow of information relating to the use of experimental reagents, equipment, and devices, the reader is urged to review and evaluate the information provided in the package insert or instructions for each chemical, piece of equipment, reagent, or device for, among other things, any changes in the instructions or indication of usage and for added warnings and precautions. While the publisher and authors have used their best efforts in preparing this work, they make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives, written sales materials or promotional statements for this work. The fact that an organization, website, or product is referred to in this work as a citation and/or potential source of further information does not mean that the publisher and authors endorse the information or services the organization, website, or product may provide or recommendations it may make. This work is sold with the understanding that the publisher is not engaged in rendering professional services. The advice and strategies contained herein may not be suitable for your situation. You should consult with a specialist where appropriate. Further, readers should be aware that websites listed in this work may have changed or disappeared between when this work was written and when it is read. Neither the publisher nor authors shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.
Library of Congress Cataloging-in-Publication Data:
Names: Almalawi, Abdulmohsen, author. | Tari, Zahir, author. | Fahad, Adil, author. | Yi, Xun, author.
Title: SCADA security : machine learning concepts for intrusion detection and prevention / Abdulmohsen Almalawi, King Abdulaziz University, Zahir Tari, RMIT University, Adil Fahad, Al Baha University, Xun Yi, Royal Melbourne Institute of Technology.
Description: Hoboken, NJ, USA : Wiley, 2021. | Series: Wiley series on parallel and distributed computing | Includes bibliographical references and index.
Identifiers: LCCN 2020027876 (print) | LCCN 2020027877 (ebook) | ISBN 9781119606031 (cloth) | ISBN 9781119606079 (adobe pdf) | ISBN 9781119606352 (epub)
Subjects: LCSH: Supervisory control systems. | Automatic control–Security measures. | Intrusion detection systems (Computer security) | Machine learning.
Classification: LCC TJ222 .A46 2021 (print) | LCC TJ222 (ebook) | DDC 629.8/95583–dc23
LC record available at https://lccn.loc.gov/2020027876
LC ebook record available at https://lccn.loc.gov/2020027877
Cover Design: Wiley
Cover Image: © Nostal6ie/Getty Images
To our dear parents
FOREWORD
In recent years, SCADA systems have been interfaced with enterprise systems, which has exposed them to the vulnerabilities of the Internet and to security threats. As a result, cyber intrusions targeting these systems have increased and are becoming an increasingly global and urgent problem, because compromising a SCADA system can lead to large financial losses and a serious impact on public safety and the environment. As a countermeasure, Intrusion Detection Systems (IDSs) tailored for SCADA are designed to identify intrusions by comparing observable behavior against suspicious patterns, and to notify administrators by raising intrusion alarms. In the existing literature, three types of learning methods are often adopted by IDSs for learning system behavior and building detection models: supervised, semisupervised, and unsupervised. In supervised learning, an anomaly‐based IDS requires class labels for both normal and abnormal behavior in order to build normal/abnormal profiles. This type of learning, however, is costly and time‐expensive when identifying the class labels