Rail System Anomaly Detection via Machine Learning Approaches

Title:
Rail System Anomaly Detection via Machine Learning Approaches
Other Titles:
2020 IEEE REGION 10 CONFERENCE (TENCON)
Publication Date:
22 December 2020
Citation:
Z. S. Lee, H. Guo and L. Zhou, "Rail System Anomaly Detection via Machine Learning Approaches," 2020 IEEE REGION 10 CONFERENCE (TENCON), Osaka, Japan, 2020, pp. 824-828, doi: 10.1109/TENCON50793.2020.9293809.
Abstract:
The Supervisory Control and Data Acquisition (SCADA) system, which monitors and controls physical processes/operations within a rail infrastructure, is critical. The SCADA system's access to key components and infrastructure information makes it a promising attack target. This paper explores building machine learning models to detect anomalies in a rail SCADA system through the usage of network traffic data. The attack scenarios in this paper, designed based on domain expertise, are an epoch time attack and a TCP payload length attack. Data pre-processing is done before the data is passed to the machine learning approaches for training. The anomaly detection machine learning models are evaluated using several metrics such as true positive rate and precision. Results show that supervised learning approaches (K-Nearest Neighbours (KNN), Linear Support Vector Classification (LinearSVC), Random Forest, Gaussian Bayes) outperform the unsupervised learning approach (K-Means). Exploration into the use of the full original network traffic versus a subset of network traffic for model training has shown that the latter performed better in precision due to the presence of overfitting to specific alarm network traffic. Finally, our experiment results show that the supervised learning approach KNN is effective at detecting the attacks with high precision.
License type:
PublisherCopyrights
Funding Info:
This work is supported by the National Research Foundation (NRF), Prime Minister’s Office, Singapore, under its National Cybersecurity R&D Programme (Award No. NRF2014NCR-NCR001-31) and administered by the National Cybersecurity R&D Directorate. Special thanks are also given to SMRT Trains Ltd for providing domain knowledge and technical support.
Description:
© 2020 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
ISSN:
2159-3450