Detection of cyberattacks in a water distribution system using machine learning techniques
Résumé
Cyberattacks threatening the industrial processes and the critical infrastructures have become more and more complex, sophisticated, and hard to detect. These cyberattacks may cause serious economic losses and may impact the health and safety of employees and citizens. Traditional Intrusion Detection Systems (IDS) cannot detect new types of cyberattacks not existing in their databases. Therefore, IDS need a complementary help to provide a maximum protection to industrial systems against cyberattacks. In this paper, we propose to use machine learning techniques, in particular one-class classification, in order to bring the necessary and complementary help to IDS in detecting cyberattacks and intrusions. One-class classification algorithms have been used in many data mining applications, where the available samples in the training dataset refer to a unique/single class.We propose a simple one-class classification approach based on a new novelty measure, namely the truncated Mahalanobis distance in the feature space. The tests are conducted on a real dataset from the primary water distribution system in France, and the proposed approach is compared with other well-known one-class approaches.
Mots clés
Kernel
France
data mining application
truncated Mahalanobis distance
Quadratic programming
Classification algorithms
Covariance matrices
Training
cybersecurity
data mining
learning (artificial intelligence)
security of data
water supply
water distribution system
machine learning technique
industrial process
economic loss
intrusion detection system
IDS
one-class classification algorithm
Computer crime
Support vector machines
one-class
machine learning
Cyberattack detection
kernel methods
Mahalanobis distance
one-class classification
Index Terms-Cyberattack detection
Maha-lanobis distance