REFERENCES

Book Author(s): Abdulmohsen Almalawi, King Abdulaziz University; Zahir Tari, RMIT University; Adil Fahad, Al Baha University; Xun Yi, RMIT University
First published: 04 December 2020
https://doi.org/10.1002/9781119606383.refs

References

M. Abdalla, M. Cornejo, A. Nitulescu, and D. Pointcheval. Robust password-protected secret sharing. In Proceedings of European Symposium on Research in Computer Security (ESORICS), pages 61–79, 2016.
J. Ahrenholz. Comparison of core network emulation platforms. In Proceedings of IEEE MILCOM Conference, pages 166–171, 2010.
J. Ahrenholz. CORE documentation, March 2014. URL: http://downloads.pf.itd.nrl.navy.mil/docs/core/core_manual.pdf.
Jeff Ahrenholz, Tom Goff, and Brian Adamson. Integration of the core and emane network emulators. In Proc. of IEEE Military Communications Conference, pages 1870–1875, 2011.
Cristina Alcaraz and Javier Lopez. Diagnosis mechanism for accurate monitoring in critical infrastructure protection. Elsevier Journal on Computer Standards and Interfaces, 36 (3): 501–512, 2014a.
Cristina Alcaraz and Javier Lopez. Wasam: A dynamic wide-area situational awareness model for critical domains in smart grids. Elsevier Journal on Future Generation Computer Systems, 30: 146–154, 2014.
Abdulmohsen Almalawi, Adil Fahad, Zahir Tari, Abdullah Alamri, Rayed AlGhamdi, and Albert Y Zomaya. An efficient data-driven clustering technique to detect attacks in SCADA systems. IEEE Transactions on Information Forensics and Security, 11 (5): 893–906, 2015.
American Gas Association (AGA). Cryptographic protection of SCADA communications part 1: Background, policies and test plan. Technical report, Technical Report AGA Report, 2006.
Fabrizio Angiulli and Fabio Fassetti. Dolphin: An efficient algorithm for mining distance-based outliers in very large datasets. ACM Transactions on Knowledge Discovery from Data (TKDD), 3 (1): 4, 2009.
Fabrizio Angiulli and Clara Pizzuti. Fast outlier detection in high dimensional spaces. Springer Journal on Principles of Data Mining and Knowledge Discovery, pages 43–78, 2002.
Fabrizio Angiulli, Stefano Basta, and Clara Pizzuti. Distance-based detection and prediction of outliers. IEEE Transactions on Knowledge and Data Engineering (TKDE), 18 (2): 145–160, 2006.
Mikhael Ankerst, Markus M. Breunig, Hans-Peter Kriegel, and Jörg Sander. Optics: Ordering points to identify the clustering structure. ACM SIGMOD Rec., 28 (2): 49–60, June 1999.
Andreas Arning, Rakesh Agrawal, and Prabhakar Raghavan. A linear method for deviation detection in large databases. pages 164–169. Proceedings of International Conference on Knowledge Discovery and Data Mining (KDD), August 1996.
S. J Jarecki, A. Kiayias, H. Krawczyk, and J. Xu. Toppss: Cost-minimal password-protected secret sharing based on threshold oprf. In Proceedings of Applied Cryptography and Network Security (ACNS), pages 39–58, 2017.
A. Bagherzandi, S. Jarecki, N. Saxena, and Y. Lu. Password-protected secret sharing. In Proceedings of the ACM Conference on Computer and Communications Security (CSS), pages 433–444, 2011.
Stephen D. Bay and Mark Schwabacher. Mining distance-based outliers in near linear time with randomization and a simple pruning rule. In Proceedings of the 9th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pages 29–38, 2003.
M. Bellare, D. Pointcheval, and P. Rogaway. Authenticated key exchange secure against dictionary attacks. In Proceedings of Eurocrypt, pages 139–155, 2000.
Boldizsár Bencsáth, Gábor Pék, Levente Buttyán, and Márk Félegyházi. Duqu: Analysis, detection and lessons learned. In ACM European Workshop on System Security (EuroSec), volume 2012, 2012.
Alina Beygelzimer, Sham Kakade, and John Langford. Cover trees for nearest neighbor. In Proceedings of the 23rd ACM International Conference on Machine Learning, pages 97–104, 2006. ISBN 1-59593-383-2.
Jim Bird and Frank Kim. SANS survey on application security programs and practices, 2012. URL: http://www.sans.org/reading_room/analysts_program/sans_survey_appsec.pdf.
Stuart A. Boyer. SCADA: Supervisory Control And Data Acquisition. International Society of Automation, USA, 4th edition, 2009.
J. Brainard, A. Juels, B. Kaliski, and M. Szydlo. Nightingale: A new two-server approach for authentication with short secrets. In Proceedings of the 12th USENIX Security Symposium, pages 201–213, 2003.
M. M. Breunig, H. Kriegel, R. T. Ng, and J. Sander. Lof: Identifying density-based local outliers. In Proceedings of the ACM SIGMOD International Conference on Management of Data, pages 93–104, 2000.
Markus M. Breunig, Hans-Peter Kriegel, Raymond T. Ng, and Jörg Sander. Optics-of: Identifying local outliers. In Proceedings of the 3rd Springer European Conference on Principles of Data Mining and Knowledge Discovery, pages 262–270, 1999.
Christopher Bronk and Eneken Tikk-Ringas. The cyber attack on Saudi Aramco. Survival, 55 (2): 81–96, 2013.
Eric Byres, John Karsch, and Joel Carter. NISCC good practice guide on firewall deployment for SCADA and process control networks. National Infrastructure Security Co-Ordination Centre, 2005.
J. Camenisch, A. Lysyanskaya, and G. Neven. Practical yet universally composable two-server password-authenticated secret sharing. In Proceedings of the ACM Conference on Computer and Communications Security (CSS), pages 525–536, 2012.
J. Camenisch, A. Lehmann, A. Lysyanskaya, and G. Neven. Memento: How to reconstruct your secrets from a single password in a hostile environment. In Proceedings of the Crypto Conference, pages 256–275, 2014.
A. Carcano, A. Coletta, M. Guglielmi, M. Masera, I. Nai Fovino, and A. Trombetta. A multidimensional critical state analysis for detecting intrusions in SCADA systems. IEEE Transactions Industrial Informatics (TII), 7 (2): 179–186, May 2011.
Varun Chandola, Arindam Banerjee, and Vipin Kumar. Anomaly detection: A survey. ACM Computing Surveys (CSUR), 41 (3): 15, 2009.
C.Y. Chen, Chin-Chen Chang, and Richard Chia-Tung Lee. A near pattern-matching scheme based upon principal component analysis. Elsevier Pattern Recognition Letters, 16 (4): 339–345, 1995.
Steven Cheung, Bruno Dutertre, Martin Fong, Ulf Lindqvist, Keith Skinner, and Alfonso Valdes. Using model-based intrusion detection for SCADA networks. In Proceedings of the SCADA Security Scientific Symposium, pages 127–134, 2007.
Henrik Christiansson and Eric Luiijf. Creating a European SCADA security testbed. In Proceedings IFIP International Federation for Information Processing, volume 253, pages 237–247, 2010.
Brent Chun, David Culler, Timothy Roscoe, Andy Bavier, Larry Peterson, Mike Wawrzoniak, and Mic Bowman. Planetlab: An overlay testbed for broad-coverage services. ACM SIGCOMM Computer Communication Review, pages 3–12, 2003.
Thomas Cover and Peter Hart. Nearest neighbor pattern classification. IEEE Transactions on Information Theory, 13 (1): 21–27, 1967.
André Cunha, Anis Koubaa, Ricardo Severino, and Mário Alves. Open-zb: An open-source implementation of the ieee 802.15.4/zigbee protocol stack on tinyos. In IEEE International Conference on Mobile Adhoc and Sensor Systems, pages 1–12, 2007.
C. M. Davis, J. E. Tate, H. Okhravi, C. Grier, T. J. Overbye, and D. Nicol. SCADA cyber security testbed development. In Proceedings of the 8th IEEE North American Power Symposium (NAPS), pages 483–488, 2006.
Dorothy E. Denning. An intrusion-detection model. IEEE Transactions on Software Engineering (TSE), SE-13 (2): 222–232, Feb. 1987.
QualNet Developers. Scalable network technologies: Qualnet developer, July 2012. URL: http://www.scalable-networks.com/products/developer.php.
Thomas G. Dietterich. Ensemble methods in machine learning. Springer Journal on Multiple Classifier Systems, pages 1–15, 2000.
W. Diffie and M. Hellman. New directions in cryptography. IEEE Transactions on Information Theory, 32 (2): 644–654, 1976.
Digitalbond. IDS-signatures/modbus-tcp, July 2013. URL: http://www.digitalbond.com/index.php/research/ids-signatures/modbus-tcp-ids-signatures/.
T. ElGamal. A public-key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory, 31 (4): 469–472, 1985.
Eleazar Eskin, Andrew Arnold, Michael Prerau, Leonid Portnoy, and Sal Stolfo. A geometric framework for unsupervised anomaly detection. In Applications of Data Mining in Computer Security, pages 77–101. Springer, 2002a.
Eleazar Eskin, Andrew Arnold, Michael Prerau, Leonid Portnoy, and Salvatore Stolfo. A Geometric Framework for Unsupervised Anomaly Detection: Detecting Intrusions in Unlabeled Data. Kluwer, 2002b.
N. Falliere, L. O. Murchu, and E. Chien. W32.stuxnet dossier. Technical report. Technical Report 1.4, Symantec Tech, 2011.
Eduardo B. Fernandez, Jie Wu, M. M. Larrondo-Petrie, and Yifeng Shao. On building secure SCADA systems using security patterns. In Proceedings of the 5th ACM Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies, page 17, 2009.
W. Ford and B. S. Kaliski. Server-assisted generation of a strong secret from a password. In Proceedings of the 5th IEEE Intl. Workshop on Enterprise Security, 2000.
Igor Nai Fovino, Andrea Carcano, Thibault De Lacheze Murel, Alberto Trombetta, and Marcelo Masera. Modbus/dnp3 state-based intrusion detection system. In Proceedings of the 24th IEEE International Conference on Advanced Information Networking and Applications (AINA), pages 729–736, April 2010a.
Igor Nai Fovino, Marcelo Masera, Luca Guidi, and Giorgio Carpi. An experimental platform for assessing SCADA vulnerabilities and countermeasures in power plants. In Proceedings of the IEEE International Conference on Human System Interactions (HSI), pages 679–686, 2010b.
Igor Nai Fovino, Alessio Coletta, Andrea Carcano, and Marcelo Masera. Critical state-based filtering system for securing SCADA network protocols. IEEE Transactions on Industrial Electronics, 59 (10): 3943–3950, October 2012.
A. Frank and A. Asuncion. UCI machine learning repository, 2013a. URL: http://archive.ics.uci.edu/ml.
A. Frank and A. Asuncion. UCI machine learning repository, 2013b. URL: http://archive.ics.uci.edu/ml.
Eibe Frank and Ian Witten. Generating accurate rule sets without global optimization, 1998.
Jerome H. Friedman, Forest Baskett, and Leonard J. Shustek. An algorithm for finding nearest neighbors. IEEE Transactions on Computers, 100 (10): 1000–1006, 1975.
Jerome H Friedman, Jon Louis Bentley, and Raphael Ari Finkel. An algorithm for finding best matches in logarithmic expected time. ACM Transactions on Mathematical Software (TOMS), 3 (3): 209–226, 1977.
Keinosuke Fukunaga and Patrenahalli M Narendra. A branch and bound algorithm for computing k-nearest neighbors. IEEE Transactions on Computers, 100 (7): 750–753, 1975.
Wei Gao, Thomas Morris, Bradley Reaves, and Drew Richey. On SCADA control system command and response injection and intrusion detection. In IEEE eCrime Researchers Summit (eCrime), pages 1–9, 2010.
Amol Ghoting, Srinivasan Parthasarathy, and Matthew Eric Otey. Fast mining of distance-based outliers in high-dimensional datasets. Springer Journal on Data Mining and Knowledge Discovery, 16 (3): 349–364, 2008.
Annarita Giani, Gabor Karsai, Tanya Roosta, Aakash Shah, Bruno Sinopoli, and Jon Wiley. A testbed for secure and robust SCADA systems. SIGBED Rev, 5 (2): 1–4, 2008.
Annarita Giani, Eilyan Bitar, Manuel Garcia, Miles McQueen, Pramod Khargonekar, and Kameshwar Poolla. Smart grid data integrity attacks. IEEE Transactions on Smart Grid, 4 (3): 1244–1253, Sept 2013.
M. Govindarajan and RM. Chandrasekaran. Evaluation of k-nearest neighbor classifier performance for direct marketing. Elsevier Journal on Expert Systems with Applications, 37 (1): 253–258, 2010.
Philip Gross, Janak Parekh, and Gail Kaiser. Secure selecticast for collaborative intrusion detection systems. In Proceedings of the 3rd International Workshop on Distributed Event-Based Systems (DEBS), page 50, 2004.
Siguraur E. Guttormsson, M. A. El-Sharkawi, and I. Kerszenbaum. Elliptical novelty grouping for on-line short-turn detection of excited running rotors. IEEE Transactions on Energy Conversion (TEC), 14: 16–22, 1999.
Mark Hall, Eibe Frank, Geoffrey Holmes, Bernhard Pfahringer, Peter Reutemann, and Ian H. Witten. The weka data mining software: an update. ACM SIGKDD Explorations Newsletter, pages 10–18, 2009.
Trevor Hastie, Robert Tibshirani, Jerome Friedman, T Hastie, J Friedman, and R Tibshirani. The Elements of Statistical Learning, volume 2, Springer, 2009.
Mike Hibler, Robert Ricci, Leigh Stoller, Jonathon Duerig, Shashi Guruprasad, Tim Stack, Kirk Webb, and Jay Lepreau. Large-scale virtualization in the emulab network testbed. In USENIX Annual Technical Conference, pages 113–128, 2008.
Kevin J. Houle, George M. Weaver, Neil Long, and Rob Thomas. Trends in denial of service attack technology. CERT Coordination Center, page 839, 2001.
Allen Householder, Art Manion, Linda Pesante, G Weaver, and Rob Thomas. Managing the threat of denial-of-service attacks. Technical report, CMU Software Engineering Institute CERT Coordination Center, 2001.
Modbus IDA. Modbus messaging on TCP/IP implementation guide v1.0a. June 2004.
Vinay M. Igure, Sean A. Laughter, and Ronald D. Williams. Security issues in SCADA networks. Elsevier Journal on Computers and Security, 25 (7): 498–506, 2006.
D. Jablon. Password authentication using multiple servers. In The Cryptographer's Track at the RSA Conference, pages 344–360, 2001.
Michael L. Milvich. Idaho national laboratory supervisory control and data acquisition intrusion detection system (SCADA IDS). In 2008 IEEE Conference on Technologies for Homeland Security, pages 469–473, 2008.
Meng Jianliang, Shang Haikun, and Bian Ling. The application on intrusion detection based on k-means cluster algorithm. In Proceedings of International Forum on Information Technology and Applications (IFITA), volume 1, pages 150–152, 2009.
Xuan Jin, John Bigham, Julian Rodaway, David Gamez, and Chris Phillips. Anomaly detection in electricity cyber infrastructures. In Proceedings of the International Workshop on Complex Networks and Infrastructure Protection (CNIP), 2006.
George H. John and Pat Langley. Estimating continuous distributions in bayesian classifiers. In Proceedings of the 11th Conference on Uncertainty in Artificial Intelligence, pages 338–345. Morgan Kaufmann Publishers Inc., 1995.
I. T. Jolliffe. Principal component analysis and factor analysis. Principal Component Analysis, pages 150–166, 2002.
J. Katz, R. Ostrovsky, and M. Yung. Efficient password-authenticated key exchange using human-memorable passwords. In Proceedings of Eurocrypt, pages 457–494, 2001.
J. Katz, P. MacKenzie, G. Taban, and V. Gligor. Two-server password-only authenticated key exchange. In Proceedings of Applied Cryptography and Network Security, pages 1–16, 2005.
Baek S. Kim and Song B. Park. A fast k nearest neighbor finding algorithm based on the ordered partition. IEEE Transactions on Pattern Analysis and Machine Intelligence (TPAMI), (6): 761–766, 1986.
Josef Kittler, Mohamad Hatef, Robert P. W. Duin, and Jiri Matas. On combining classifiers. IEEE Transactions on Pattern Analysis and Machine Intelligence (TPAMI), pages 226–239, 1998.
R. Kohavi. A study of cross-validation and bootstrap for accuracy estimation and model selection. In Proceedings of International joint Conference on artificial intelligence, volume 14, pages 1137–1145. Lawrence Erlbaum Associates Ltd, 1995.
Sathish A. P. Kumar, Anup Kumar, and S. Srinivasan. Statistical based intrusion detection framework using six sigma technique. International Journal of Computer Science and Network Security, 7 (10): 333, 2007.
Nishchal Kush, Ernest Foo, and Ejaz Ahmed. Smart grid test bed design and implementation. 2010.
A. Lewis. The epanet programmer's toolkit for analysis of water distribution systems, 1999. URL: http://www.epa.gov/nrmrl/wswrd/dw/epanet.html.
Yi-Ching Liaw, Maw-Lin Leou, and Chien-Min Wu. Fast exact k-nearest neighbors search using an orthogonal search tree. Elsevier Journal on Pattern Recognition, 43 (6): 2351–2358, 2010.
Ondrej Linda, Todd Vollmer, and Milos Manic. Neural network based intrusion detection system for critical infrastructures. In Proceedings of the International Joint Conference on Neural Networks (IJCNN), pages 1827–1834, June 2009.
Ting Liu, Andrew W Moore, and Alexander Gray. New algorithms for efficient high-dimensional nonparametric classification. The Journal of Machine Learning Research, 7: 1135–1158, 2006.
Men Long, Chwan-Hwa Wu, and John Y Hung. Denial of service attacks on network-based control systems: impact and mitigation. IEEE Transactions on Industrial Informatics (TII), 1 (2): 85–96, 2005.
P. MacKenzie, T. Shrimpton, and M. Jakobsson. Threshold password-authenticated key exchange. Journal of Cryptology, 19 (1): 27–66, 2006.
J. MacQueen et al. Some methods for classification and analysis of multivariate observations. In Proceedings of the 5th Berkeley Symposium on Mathematical Statistics and Probability, volume 1, page 14, California, USA, 1967.
Steen Magnussen, Ronald E. McRoberts, and Erkki O. Tomppo. Model-based mean square error estimators for k-nearest neighbour predictions and applications using remotely sensed data for forest inventories. Remote Sensing of Environment, 113 (3): 476–488, 2009.
Matthew V. Mahoney and Philip K. Chan. Learning rules for anomaly detection of hostile network traffic. In Proceedings of the 3rd IEEE International Conference on Data Mining (ICDM), pages 601–604, 2003a.
Matthew V. Mahoney and Philip K. Chan. An analysis of the 1999 darpa/lincoln laboratory evaluation data for network anomaly detection. In Recent Advances in Intrusion Detection, pages 220–237, Springer, 2003b.
Munir Majdalawieh, Francesco Parisi-Presicce, and Duminda Wijesekera. DNPSec: Distributed network protocol version 3 (DNP3) security framework. In Advances in Computer, Information, and Systems Sciences, and Engineering, pages 227–234, 2006.
Brent Martin. Instance-based learning: nearest neighbour with generalisation. PhD thesis, University of Waikato, 1995.
Isabel Marton, Ana I. Sánchezb, Sofia Carlosa, and Sebastián Martorella. Application of data driven methods for condition monitoring maintenance. Chemical Engineering, 33: 301–306, 2013.
James McNames. A fast nearest-neighbor algorithm based on a principal axis search tree. IEEE Transactions on Pattern Analysis and Machine Intelligence (TPAMI), 23 (9): 964–976, 2001.
Melbourne Water. Daily residential water use for Melbourne, July 2009. URL: http://www.melbournewater.com.au.
Melbourne Water. Daily residential water use for Melbourne, July 2012. URL: http://www.melbournewater.com.au.
Miljenko Mikuc, Denis Salopek, Valter Vasić, and Marko Zec. The FreeBSD network stack virtualization project, March 2014. URL: http://www.imunes.tel.fer.hr/.
Modbus Organization. Modbus specifications, April 2020. URL: http://www.modbus.org/docs/Modbus_Application_Protocol_V1_1b.pdf (accessed on 21 July 2019).
Thomas Morris, Anurag Srivastava, Bradley Reaves, Wei Gao, Kalyan Pavurapu, and Ram Reddi. A control system testbed to validate critical infrastructure protection concepts. International Journal of Critical Infrastructure Protection (IJCIP), 4 (2): 88–103, 2011.
Kate Munro. Deconstructing flame: the limitations of traditional defences. Elsevier Journal on Computer Fraud and Security, 2012 (10): 8–11, 2012.
Gerhard Münz, Sa Li, and Georg Carle. Traffic anomaly detection using k-means clustering. Proceedings of Leistungs-Zuverlässigkeits-und Verlässlichkeitsbewertung von Kommunikationsnetzen und Verteilten Systemen, 4, 2007.
Sameer A. Nene and Shree K. Nayar. A simple algorithm for nearest neighbor search in high dimensions. IEEE Transactions on Pattern Analysis and Machine Intelligence (TPAMI), 19 (9): 989–1003, 1997.
Peng Ning, Yun Cui, and Douglas S. Reeves. Constructing attack scenarios through correlation of intrusion alerts. In Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS), pages 245–254, November 2002.
NS3 Maintainers. Ns3 simulator, July 2012. URL: http://www.nsnam.org/.
Joshua Oldmeadow, Siddarth Ravinutala, and Christopher Leckie. Adaptive clustering for network intrusion detection. Springer Journal on Advances in Knowledge Discovery and Data Mining, pages 255–259, 2004.
Paul Oman, Edmund Schweitzer, and Deborah Frincke. Concerns about intrusions into remotely accessible substation controllers and SCADA systems. In Proceedings of the Twenty-Seventh Annual Western Protective Relay Conference, volume 160. Citeseer, 2000.
Stephen M. Omohundro. Five Balltree Construction Algorithms. International Computer Science Institute Berkeley, 1989.
OPNET Technologies. Opnet modeler: Scalable network simulation, July 2012. URL: http://www.opnet.com/solutions/network_rd/modeler.html.
Apostolos N. Papadopoulos. Nearest Neighbor Search: A Database Perspective. Springer, 2006.
Al-Sakib Khan Pathan. The State of the Art in Intrusion Prevention and Detection. CRC Press, 2014.
Roberto Di Pietro and Luigi V. Mancini. Intrusion Detection Systems. Springer, 2008.
Leonid Portnoy, Eleazar Eskin, and Sal Stolfo. Intrusion detection with unlabeled data using clustering. 2001.
Michael J. Prerau and Eleazar Eskin. Unsupervised anomaly detection using an optimized k-nearest neighbors algorithm. Undergraduate Thesis, Columbia University, December 2000.
Matija Pužar and Thomas Plagemann. NEMAN: A network emulator for mobile ad-hoc networks. Technical report. University of Oslo, 2005.
Carlos Queiroz, Abdun Mahmood, and Zahir Tari. SCADASim - a framework for building SCADA simulations. IEEE Transactions on Smart Grid (TSG), 2 (4): 589–597, 2011.
John Ross Quinlan. C4.5: Programs for Machine Learning, volume 1. Morgan Kaufmann, 1993.
M. Di Raimondo and R. Gennaro. Provably secure threshold password-authenticated key exchange. Journal of Computer and System Sciences, 72 (6): 978–1001, 2006.
Bradley Reaves and Thomas Morris. An open virtual testbed for industrial control system security research. Springer International Journal of Information Security, pages 1–15, 2012.
Irene Rodriguez-Lujan, Jordi Fonollosa, Alexander Vergara, Margie Homer, and Ramon Huerta. On the calibration of sensor arrays for pattern recognition using the minimal number of experiments. Elsevier Journal on Chemometrics and Intelligent Laboratory Systems, pages 123–134, 2014.
J. L. Rrushi, C. Bellettini, and E. Damiani. Composite intrusion detection in process control networks. PhD thesis, University of Milano, April 2009a.
J. L. Rrushi, C. Bellettini, and E. Damiani. Composite intrusion detection in process control networks. PhD thesis, University of Milano, April 2009b.
Sandia National Laboratories. National SCADA testbed, July 2012. URL: http://energy.sandia.gov/?page_id=859.
Salvatore Sanfilippo. Hping3-active network security tool, 2012. URL: http://www.hping.org/hping3.html.
Bernhard Schölkopf, Chris Burges, and Vladimir Vapnik. Extracting support data for a given task. In Proceedings of the 1st International Conference on Knowledge Discovery and Data Mining, AAAI Press, pages 252–257, 1995.
Gregory Shakhnarovich, Trevor Darrell, and Piotr Indyk. Nearest-neighbor methods in learning and vision. IEEE Transactions on Neural Networks (TNN), 19 (2): 377, 2008.
A. Shamir. How to share a secret key. Communications of the ACM (CACM), 22 (11): 612–613, 1979.
Haijian Shi. Best-first decision tree learning. PhD thesis, Citeseer, 2007.
Almas Shintemirov, Wenhu Tang, and Q. H. Wu. Power transformer fault classification based on dissolved gas analysis by implementing bootstrap and genetic programming. IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews, 39 (1): 69–79, 2009.
PowerWorld Simulator. Power generation simulator, July 2013. URL: http://www.powerworld.com.
Jill Slay and Michael Miller. Lessons Learned from the Maroochy Water Breach. Springer, 2007.
Software Development Team. Advanced hmi development software package, November 2014. URL: http://advancedhmi.com/.
Robert F. Sproull. Refinements to nearest-neighbor searching in k-dimensional trees. Algorithmica, 6 (1-6): 579–589, 1991.
Shan Suthaharan, Mohammed Alzahrani, Sutharshan Rajasegarar, Christopher Leckie, and Marimuthu Palaniswami. Labelled data collection for anomaly detection in wireless sensor networks. In Proceedings of the 6th International Conference on Intelligent Sensors, Sensor Networks and Information Processing (ISSNIP), pages 269–274, Dec 2010.
Modbus Team. Modbus implementation and tools, July 2014. URL: https://github.com/bashwork/pymodbus.
Patrick P. Tsang and Sean W. Smith. Yasir: A low-latency, high-integrity security retrofit for legacy SCADA systems. In Proceedings of The Ifip Tc 11 23rd International Information Security Conference, pages 445–459. Springer, 2008.
TU Berlin. Simulation of wind turbine blades, October 2013. URL: http://q-blade.org/.
Alfonso Valdes and Steven Cheung. Communication pattern anomaly detection in process control systems. In Proceedings of IEEE International Conference on Technologies for Homeland Security (HST), pages 22–29, 2009.
András Varga and Rudolf Hornig. An overview of the OMNeT++ simulation environment. In Proceedings of the 1st International ConfeNetworks and Systems and Workshops, page 60. ICST (Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering), 2008.
Alexander Vergara, Shankar Vembu, Tuba Ayhan, Margaret A. Ryan, Margie L. Homer, and Ramon Huerta. Chemical gas sensor drift compensation using classifier ensembles. Elsevier Journal on Sensors and Actuators B: Chemical, 166: 320–329, 2012.
Šaltenis Vydunas. Outlier detection based on the distribution of distances between data points. Informatica, 15 (3): 399–410, August 2004.
Dong Wei, Yan Lu, Mohsen Jafari, Paul M. Skare, and Kenneth Rohde. Protecting smart grid automation systems against cyberattacks. IEEE Transactions on Smart Grid (TSG), (99): 1–1, 2011.
Fangfei Weng, Qingshan Jiang, Liang Shi, and Nannan Wu. An intrusion detection system based on the clustering ensemble. In Proceedings of IEEE International Workshop on Anti-counterfeiting, Security, Identification, pages 121–124, 2007.
Yang Wenxian and Jiang Jiesheng. Wind turbine condition monitoring and reliability analysis by SCADA information. In Proceedings of the 2nd International Conference on Mechanic Automation and Control Engineering (MACE), pages 1872–1875, July 2011.
Xindong Wu, Vipin Kumar, J. Ross Quinlan, Joydeep Ghosh, Qiang Yang, Hiroshi Motoda, Geoffrey J. McLachlan, Angus Ng, Bing Liu, Philip S. Yu, Zhi-Hua Zhou, Michael Steinbach, David J. Hand, and Dan Steinberg. Top 10 algorithms in data mining. Elsevier Journal on Knowledge and Information Systems, 14 (1): 1–37, 2008.
Wang Xueyi. A fast exact k-nearest neighbors algorithm for high dimensional search using k-means clustering and triangle inequality. In IJCNN Proceedings, pages 1293–1299, 2011.
Kenji Yamanishi and Jun ichi Takeuchi. Discovering outlier filtering rules from unlabeled data. In Proceedings of inte Knowledge Discovery and Data Mining, pages 389–394. Citeseer, 2001.
Dayu Yang, Alexander Usynin, and J. Wesley Hines. Anomaly-based intrusion detection for SCADA systems. In Proceedings of the 5th Intl. Topical Meeting on Nuclear Plant Instrumentation, Control and Human Machine Interface Technologies (NPIC&HMIT), pages 12–16, 2006.
X. Yi, S. Ling, and H. Wang. Efficient two-server password-only authenticated key exchange. IEEE Transactions on Parallel Distributed Systems (TPDS), 24 (9): 1773–1782, 2013.
X. Yi, F. Hao, and E. Bertino. Id-based two-server password-authenticated key exchange. In Proceedings of European Symposium on Research in Computer Security (ESORICS), pages 257–276, 2014.
X. Yi, F. Hao, L. Chen, and J. K. Liu. Practical threshold password-authenticated secret sharing protocol. In Proceedings of European Symposium on Research in Computer Security (ESORICS), pages 347–365, 2015.
A. S. A. E. Zaher, S. D. J. McArthur, D. G. Infield, and Y. Patel. Online wind turbine fault detection through automated SCADA data analysis. Wind Energy, 12 (6): 574–593, 2009.
Ji Zhang and Hai Wang. Detecting outlying subspaces for high-dimensional data: The new task, algorithms, and performance. Springer Journal on Knowledge and Information Systems, 10 (3): 333–355, 2006.
Jun Zhang, Chao Chen, Yang Xiang, Wanlei Zhou, and Yong Xiang. Internet traffic classification by aggregating correlated naive bayes predictions. IEEE Transactions on Information Forensics and Security (TIFS), 8 (1): 5–15, 2013a.
Jun Zhang, Yang Xiang, Yu Wang, Wanlei Zhou, Yong Xiang, and Yong Guan. Network traffic classification using correlation information. IEEE Transactions on Parallel and Distributed Systems (TPDS), 8 (1): 104–117, 2013b.

SCADA Security: Machine Learning Concepts for Intrusion Detection and Prevention: SCADA‐Based IDs Security