Z. S. Lee, H. Guo and L. Zhou, "Rail System Anomaly Detection via Machine Learning Approaches," 2020 IEEE REGION 10 CONFERENCE (TENCON), Osaka, Japan, 2020, pp. 824-828, doi: 10.1109/TENCON50793.2020.9293809.
The Supervisory Control and Data Acquisition (SCADA) system that monitors and controls physical processes and operations within a rail infrastructure is a critical asset. Because the SCADA system has access to key components and infrastructure information, it is an attractive attack target. This paper explores building machine learning models that detect anomalies in a rail SCADA system from network traffic data. The attack scenarios, designed on the basis of domain expertise, are an epoch time attack and a TCP payload length attack. Data pre-processing is performed before the data are passed to the machine learning approaches for training. The anomaly detection models are evaluated with several metrics, such as true positive rate and precision. Results show that the supervised learning approaches (K-Nearest Neighbours (KNN), Linear Support Vector Classification (LinearSVC), Random Forest, Gaussian Bayes) outperform the unsupervised learning approach (K-Means). A comparison of training on the full original network traffic against a subset of the network traffic shows that the latter performed better in precision, owing to overfitting to specific alarm network traffic. Finally, our experimental results show that the supervised learning approach KNN detects the attacks with high precision.
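As an added illustration (not code from the paper or its authors), the following dependency-free Python sketch walks through the pipeline the abstract describes: constructed polling traffic containing the two named attack scenarios, z-score pre-processing, a KNN classifier, and the true positive rate and precision metrics. The feature choice (inter-arrival time and TCP payload length), the value ranges, k and the hold-out split are assumptions made here.

```python
# Added sketch (not the paper's code): KNN anomaly detection over two constructed flow
# features; feature choice, value ranges, k and the hold-out split are assumptions.
import math
import random

def make_traffic(n_normal=200, n_attack=20, seed=7):
    """Constructed SCADA polling records as (inter-arrival seconds, TCP payload bytes), label
    0 = normal, 1 = attack. Normal polls arrive every ~1 s with ~64-byte payloads; an 'epoch
    time' attack sits tens of seconds off the cadence, a 'payload length' attack is oversized."""
    rng = random.Random(seed)
    rows = [((rng.gauss(1.0, 0.05), rng.gauss(64.0, 3.0)), 0) for _ in range(n_normal)]
    for i in range(n_attack):
        if i % 2 == 0:  # epoch time attack: timestamp far from the polling cadence
            rows.append(((rng.uniform(30.0, 40.0), rng.gauss(64.0, 3.0)), 1))
        else:           # TCP payload length attack: payload far above the protocol norm
            rows.append(((rng.gauss(1.0, 0.05), rng.uniform(400.0, 600.0)), 1))
    return rows

def split_rows(rows):
    """Deterministic hold-out: every third record is kept for evaluation."""
    return [r for i, r in enumerate(rows) if i % 3], rows[::3]

def zscore_fit(rows):
    """Pre-processing: per-feature standardisation so payload bytes do not swamp seconds."""
    cols = list(zip(*[x for x, _ in rows]))
    mu = [sum(c) / len(c) for c in cols]
    sd = [math.sqrt(sum((v - m) ** 2 for v in c) / len(c)) or 1.0 for c, m in zip(cols, mu)]
    return lambda x: tuple((v - m) / s for v, m, s in zip(x, mu, sd))

def knn_predict(model, x, k=5):
    """Majority vote among the k nearest standardised training records."""
    nearest = sorted(model, key=lambda r: math.dist(r[0], x))[:k]
    return int(2 * sum(y for _, y in nearest) > k)

def evaluate(train, test, k=5):
    """Return (true positive rate, precision) of KNN on the held-out records."""
    norm = zscore_fit(train)
    model = [(norm(x), y) for x, y in train]
    tp = fp = fn = 0
    for x, y in test:
        p = knn_predict(model, norm(x), k)
        tp += int(p == 1 and y == 1)
        fp += int(p == 1 and y == 0)
        fn += int(p == 0 and y == 1)
    return (tp / (tp + fn) if tp + fn else 0.0,   # TPR: attacks caught
            tp / (tp + fp) if tp + fp else 0.0)   # precision: alarms that were real

if __name__ == "__main__":
    print("KNN TPR=%.2f precision=%.2f" % evaluate(*split_rows(make_traffic())))
```

On this cleanly separated constructed data KNN reaches a TPR and precision of 1.0; on real rail traffic the interesting work is in the feature choice and in the overfitting to alarm traffic that the abstract reports.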
This work is supported by the National Research Foundation (NRF), Prime Minister's Office, Singapore, under its National Cybersecurity R&D Programme (Award No. NRF2014NCR-NCR001-31) and administered by the National Cybersecurity R&D Directorate. Special thanks also go to SMRT Trains Ltd for providing domain knowledge and technical support.