A fuzzy Bayesian approach to enhance SCADA network security

Abstract

To enhance the intrusion detection system with more accuracy and less false-positive rate while still providing acceptable performance and adaptivity, a Bayesian anomaly intrusion detection system using fuzzy probability assignment is presented. After categorizing the security-related system events and properties into four models represented by their corresponding fuzzy membership functions, the real-time probabilities of specific security-breaching events are calculated and the decision of whether the system supervised is under attack is made from the synthesis of the probabilities generated. A Bayesian belief network algorithm is presented to synthesize the real-time fuzzy probabilities at runtime and proved to be effective by simulations. Compared with previous works that employs the threshold methods in identifying attacks, the algorithm describes the probabilities of security events more accurately through utilizing the continuous fuzzy probability model and scales better for modeling various kinds of system security properties in normal system behavior profiling.