SCADA IDS

Omni SCADA Intrusion Detection Using Deep Learning Algorithms

In this article, we investigate deep-learning-based omni intrusion detection systems (IDSs) for supervisory control and data acquisition (SCADA) networks that are capable of detecting both temporally uncorrelated and correlated attacks. Among the IDSs developed in this article, a feedforward neural network (FNN) can detect temporally uncorrelated attacks at an F1 of 99.967±0.005% but correlated attacks at as low as 58±2%. In contrast, long short-term memory (LSTM) detects correlated attacks at 99.56±0.01% and uncorrelated attacks at 99.3±0.1%. Combining LSTM and FNN through an ensemble approach further improves the IDS performance, with an F1 of 99.68±0.04% regardless of the temporal correlations among the data packets.

LSTM for SCADA Intrusion Detection

We present recurrent neural networks (RNNs) for a supervisory control and data acquisition (SCADA) intrusion detection system (IDS). Using long short-term memory (LSTM) with many-to-many (MTM) and novel many-to-one (MTO) architectures, both IDSs display excellent performance in detecting temporally uncorrelated attacks, while MTO shows superior performance on temporally correlated attacks.
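The distinction both abstracts draw between temporally uncorrelated and correlated attacks, shown as an added example that is not code from the papers: a set-membership check stands in for a per-packet classifier such as the FNN, and a sliding-window lookup stands in for a sequence model such as the LSTM. The packet fields, window size, sample traffic and the OR-style ensemble are all constructed assumptions.

```python
from collections import namedtuple

# Constructed, simplified packet record; not the papers' feature set.
Packet = namedtuple("Packet", "func addr")
WINDOW = 3  # packets of history per sequence decision (assumed value)

def fit(normal):
    """Learn both baselines from attack-free traffic."""
    seen_packets = set(normal)
    seen_windows = {tuple(normal[i:i + WINDOW])
                    for i in range(len(normal) - WINDOW + 1)}
    return seen_packets, seen_windows

def per_packet_alerts(model, traffic):
    """Stateless check: each packet is judged on its own fields only."""
    seen_packets, _ = model
    return {i for i, p in enumerate(traffic) if p not in seen_packets}

def sequence_alerts(model, traffic):
    """Stateful check: a packet is judged with the WINDOW-1 packets before it."""
    _, seen_windows = model
    return {i for i in range(WINDOW - 1, len(traffic))
            if tuple(traffic[i - WINDOW + 1:i + 1]) not in seen_windows}

def ensemble_alerts(model, traffic):
    """Assumed combination rule: alert when either detector fires."""
    return per_packet_alerts(model, traffic) | sequence_alerts(model, traffic)

# Constructed polling cycle: read two registers, then write one coil.
CYCLE = [Packet("read", 1), Packet("read", 2), Packet("write", 3)]
NORMAL = CYCLE * 20
MODEL = fit(NORMAL)

# Uncorrelated anomaly: one packet whose fields never occur in normal traffic.
UNCORRELATED = CYCLE + [Packet("diag", 9)] + CYCLE
# Correlated anomaly: every packet is individually normal, the order is not.
CORRELATED = CYCLE + [Packet("write", 3), Packet("write", 3)] + CYCLE

if __name__ == "__main__":
    for name, traffic in (("uncorrelated", UNCORRELATED),
                          ("correlated", CORRELATED)):
        print(name,
              sorted(per_packet_alerts(MODEL, traffic)),
              sorted(sequence_alerts(MODEL, traffic)),
              sorted(ensemble_alerts(MODEL, traffic)))
```

The stateless check raises nothing on the correlated trace because every packet in it also occurs in normal traffic; only the windowed check sees the repeated writes. On the uncorrelated trace the windowed check also flags the two normal packets that share a window with the anomalous one.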

Published Papers

  1. Jun Gao, Luyun Gan, Fabiola Buschendorf, Liao Zhang, Hua Liu, Peixue Li, Xiaodai Dong, and Tao Lu, “Omni SCADA Intrusion Detection Using Deep Learning Algorithms,” IEEE Internet of Things Journal, 2020
  2. Jun Gao, Luyun Gan, Fabiola Buschendorf, Liao Zhang, Hua Liu, Peixue Li, Xiaodai Dong, and Tao Lu, “LSTM for SCADA Intrusion Detection,” 2019 IEEE Pacific Rim Conference