Performance Comparison For Multi Class Classification Intrusion Detection In SCADA Systems Using Apache Spark

Raogo Kabore 1, 2 Yvon Kermarrec 1, 2 Philippe Lenca 3, 2
1 Lab-STICC_IMTA_CID_IRIS
Lab-STICC - Laboratoire des sciences et techniques de l'information, de la communication et de la connaissance
3 Lab-STICC_IMTA_CID_DECIDE
Lab-STICC - Laboratoire des sciences et techniques de l'information, de la communication et de la connaissance
Abstract: SCADA (Supervisory Control And Data Acquisition) systems are industrial control systems that allow the monitoring and control of large industrial systems. These systems are increasingly subject to cyber attacks due to their interconnection with corporate networks and the Internet. In this work we compare the performance of a SCADA-specific intrusion detection system built with Apache Spark, using Decision Tree, Naïve Bayes, Random Forest and Multilayer Perceptron approaches. Our comparison criteria are recall, specificity, precision, training time and detection time. The dataset used is obtained from a Modbus control system that monitors a water storage tank system. The dataset contains normal tuples as well as different categories of attack tuples. Our intrusion detection framework is a Hadoop cluster using Hive and the Spark ML library. The experimental results show that the Decision Tree classifier has a very good detection rate (recall of 100 %) for all tuple categories except Denial-of-Service (recall of 0). Decision Tree also has fairly good training and detection times (7.84 s and 0.23 s respectively). Random Forest also has a good detection rate for all classes apart from DoS, but it has only a 60% detection rate for the DoS class and longer training and detection times. Naïve Bayes and Multilayer Perceptron have overall poor classification results, but Naïve Bayes is very fast at training (2.96 s) and detecting (0.14 s). Multilayer Perceptron, on the other hand, while taking time to train (155.51 s), is very fast in the prediction phase (0.16 s).
Document type:
Poster
8th Global Techmining Conference, Sep 2018, Leiden, Netherlands

https://hal.archives-ouvertes.fr/hal-01876894
Contributor: Bibliothèque Télécom Bretagne
Submitted on: Wednesday, 19 September 2018 - 07:26:51
Last modified on: Friday, 21 September 2018 - 01:19:40

Identifiers

  • HAL Id : hal-01876894, version 1

Citation

Raogo Kabore, Yvon Kermarrec, Philippe Lenca. Performance Comparison For Multi Class Classification Intrusion Detection In SCADA Systems Using Apache Spark. 8th Global Techmining Conference, Sep 2018, Leiden, Netherlands. 〈hal-01876894〉
