In Panayiotou, C. G., Ellinas, G., Kyriakides, E., & Polycarpou, M. M., editors, Proc. 9th International Conference on Critical Information Infrastructures Security, Limassol, Cyprus, 13 - 15 October, 2014. Springer International Publishing. Paper abstract bibtex
The security of critical infrastructures has gained a lot of attention in the past few years with the growth of cyberthreats and the diversity of cyberattacks. Although traditional IDS update frequently their databases of known attacks, new complex attacks are generated everyday to circumvent security systems and to make their detection nearly impossible. This paper outlines the importance of one-class classification algorithms in detecting malicious cyberattacks in critical infrastructures. The role of machine learning algorithms is complementary to IDS and firewalls, and the objective of this work is to detect intentional intrusions once they have already bypassed these security systems. Two approaches are investigated, Support Vector Data Description and Kernel Principal Component Analysis. The impact of the metric in kernels is investigated, and a heuristic for choosing the bandwidth parameter is proposed. Tests are conducted on real data with several types of cyberattacks.