Journals Proceedings

Abstract

In traditional intrusion detection systems (IDS) used for critical infrastructure protection, such as SCADA (Supervisory Control and Data Acquisition) systems, intrusion alerts are analyzed by human analysts (security analysts). They evaluate the alerts and take decisions accordingly. Nevertheless, this is an extremely difficult and time consuming task as the number of alerts generated could be quite large and the environment may also change rapidly. This makes automated detection techniques more efficient for intrusion detection than human analysts. This paper we describes a new European Framework-7 funded research project, CockpicCI, and introduce an intelligent rick detection and analysis technique for Critical Infrastructures (CI). Results show that the proposed OCSVM (One Class Support Vector Machine) based intrusion detection approach can be effectively used to detect both known and unknown attacks.