SCADA-GUARD: An AI Industrial Intrusion Defense System

Arturo Acosta Andrade^*, Axcel Hurtado^*, Juan Soto Valdez^*

Arizona State University
ACO 494 - Applied Projects
^*Indicates Equal Contribution

Code

Threat monitoring is no simple feat, but with Scada-Guard and an AI-powered detection pipeline, the job becomes easy. We start off providing the model with standardized raw data to establish a baseline for proper funcionality in regards to key sensors. Then, we employ a random forest algorithm to classify log data as either being normal or malicious. Once fully trained, the model will be able to correctly identify active threats while also reducing the chances of a false positive, as it must be certain that the threat threshold meets or exceeds 70%.

A brief video guide on how to train the AI model for SCADA-GUARD.

Quick Summary

SCADA-GAURD serves as a modern Intrusion Detection System (IDS) for the Industrial or Operational Technology Sectors. It is powered by the random forest machine learning algorithm and can take in recent machine sensor data and report any detected threats. It returns these threats via a user-friendly GUI that displays a real-time graph of detected threats, a confidence meter, and the affected key sensors.

An example of how the program reports back when an attack has been detected.

A glimpse of the System Log screen, which reports back key metrics, such as the programs' precision when it comes to determing if a log file contains normal behavior or features an attack.

The Threat Analytics page provides a graphical visualization of the likelihood that a specific sensor within a Water Treatment Facility will be targeted.