Integrated OCSVM mechanism for intrusion detection in SCADA systems



Intrusion detection in real-time systems is a problem without a profound solution. In supervisory control and data acquisition (SCADA) systems, the absence of a defence mechanism that can cope with different types of intrusions is of great importance. False positive alarms or mistakes regarding the origin of the intrusion mean severe costs for the system. An integrated one-class support vector machine (OCSVM) mechanism that is distributed in a SCADA network is presented as part of an intrusion detection system, providing accurate information about the origin and the time of an intrusion. The module reads the network traffic, splits it according to the source of the packets and creates a cluster of OCSVM models. These trained models run in parallel and can recognise different types of attacks quickly and accurately.


support vector machines, real-time systems, SCADA systems, security of data


Critical Infrastructure Protection, Online Anomaly Detection

Related Project

FP7 CockpitCI: Cybersecurity on SCADA: risk prediction, analysis and reaction tools for Critical Infrastructures


IET Electronics Letters, Vol. 50, #25, pp. 1935-1936, Chris Toumazou and Ian White, December 2014


Cited by

Year 2018 : 7 citations

 Yan Tengfei, Shang Wenli, Zhao Jianming, Qiao Feng, Zeng Peng, "Anomaly detection algorithm based on OCSVM double contour model of genetic algorithm optimization for industrial control system", Application Research of Computers Journal, Volume 36, 2019, Issue 11. DOI: 10.3969/j.issn.1001-3695.2018.04.0313 (published online: August 2018)

 Hong KS., Kim HB., Kim DH., Seo JT. (2019), Detection of Replay Attack Traffic in ICS Network. In: Lee R. (eds) Applied Computing and Information Technology. ACIT 2018. Studies in Computational Intelligence, vol 788. Springer, Cham. DOI: 10.1007/978-3-319-98370-7_10

 H. Yang and Z. Zhou, "A Novel Intrusion Detection Scheme Using Cloud Grey Wolf Optimizer," 2018 37th Chinese Control Conference (CCC), Wuhan, China, 2018, pp. 8297-8302. doi: 10.23919/ChiCC.2018.8483324

 Gökhan TI?ILSEL, Güleser Kalaycı DEMİR, "Texture Recognition Using Importance Based One-Class Classifier", (orig) "Önem Tahminleme Tabanlı Tek Sınıf Sınıflayıcı ile Doku Tanıma", Dokuz Eylul University-Faculty of Engineering Journal of Science and Engineering, January 2018. doi: 10.21205/deufmd.2018205807

 R. Liu, W. Li, X. Liu, X. Lu, T. Li and Q. Guo, "An Ensemble of Classifiers Based on Positive and Unlabeled Data in One-Class Remote Sensing Classification," in IEEE Journal of Selected Topics in Applied Earth Observations and Remote Sensing, vol. PP, no. 99, pp. 1-13. doi: 10.1109/JSTARS.2017.2789213

 Cyntia Vargas Martínez, Birgit Vogel-Heuser (2018). Towards Industrial Intrusion Prevention Systems: A Concept and Implementation for Reactive Protection. Applied Sciences. 8. 2460. DOI: 10.3390/app8122460.

 Li Ting ; Hong Zhennan ; Liu Zhiyong ; Xiao Tizheng, Intrusion Detection of Industrial Control System Based on Incremental Single Class Support Vector Machine, Information and Control, China Automation Society, issue 6, December 2018. DOI:10.13976/j.cnki.xk.2018.7431

Year 2017 : 5 citations

 M. Keshk, N. Moustafa, E. Sitnikova and G. Creech, "Privacy preservation intrusion detection technique for SCADA systems," 2017 Military Communications and Information Systems Conference (MilCIS), Canberra, ACT, 2017, pp. 1-6. doi: 10.1109/MilCIS.2017.8190422

 S. Shitharth, D. Prince Winston, An enhanced optimization based algorithm for intrusion detection in SCADA network, Computers & Security, Available online 2 May 2017, ISSN 0167-4048.

 M. Wan, W. Shang and P. Zeng, "Double Behavior Characteristics for One-Class Classification Anomaly Detection in Networked Control Systems," in IEEE Transactions on Information Forensics and Security, vol. 12, no. 12, pp. 3011-3023, Dec. 2017. doi: 10.1109/TIFS.2017.2730581

 CTJ Dodson (2017) On some information geometric approaches to cyber security. In: Nicholas J Daras and Themistocles M Rassias, (eds). Operations Research, Engineering, and Cyber Security. Springer Optimization and Its Applications (113). Springer, Germany. DOI: 10.1007/978-3-319-51500-7_9

 Koch, Robert & Kühn, Teo, "Defending the grid: Backfitting non-expandable control systems", in Proc. of Conference: 2017 9th International Conference on Cyber Conflict (CyCon), May 2017. DOI: 10.23919/CYCON.2017.8240335.

Year 2016 : 3 citations

 A. Almalawi, A. Fahad, Z. Tari, A. Alamri, R. AlGhamdi and A. Y. Zomaya, "An Efficient Data-Driven Clustering Technique to Detect Attacks in SCADA Systems," in IEEE Transactions on Information Forensics and Security, vol. 11, no. 5, pp. 893-906, May 2016. doi: 10.1109/TIFS.2015.2512522

 Ming Zeng, Yu Yang, Junsheng Cheng, "A generalized Mitchell-Dem'yanov-Malozemov algorithm for one-class support vector machine", Knowledge-Based Systems, Available online 15 June 2016, ISSN 0950-7051.

 A. Ghaleb, S. Zhioua, A. Almulhem. SCADA-SST: A SCADA Security Testbed. World Congress on Industrial Control Systems Security (WCICSS-2016). December 12-14, 2016, London, UK.

Year 2015 : 5 citations

 AlMajed, N et al, "Prevention of crime in B2C E-Commerce: How E-Retailers/Banks protect themselves from Criminal Activities", EAI Transactions on Security and Safety, 2015

 A. Al-Mahrouqi, S. Abdalla and T. Kechadi, "Efficiency of network event logs as admissible digital evidence," Science and Information Conference (SAI), 2015, London, 2015, pp. 1257-1265. doi: 10.1109/SAI.2015.7237305

 Janicke, Helge, et al. "Runtime-Monitoring for Industrial Control Systems." Electronics 4.4 (2015): 995-1017.

 Shang, Wenli, et al. "Intrusion detection algorithm based on OCSVM in industrial control system." Security and Communication Networks (2015).

 Zeng, Ming, Yu Yang, and Junsheng Cheng. "A generalized Gilbert algorithm and an improved MIES for one-class support vector machine." Knowledge-Based Systems 90 (2015): 211-223.