Enhancing Anomaly Detection in Industrial Control Systems through Supervised Learning and Explainable Artificial Intelligence

Dhruv G. Bhatt, Parshad U. Kyada, Rajkumar Singh Rathore, M. K. Nallakaruppan, Faisal Mohammed Alotaibi, Rutvij H. Jhaveri

Research output: Contribution to journalArticlepeer-review

Abstract

This paper addresses industrial control security (ICS) security, focusing on utilizing intrusion detection systems (IDS) to protect ICS networks. It suggests the use of a Measurement Intrusion Detection System (MIDS) over a Network Intrusion Detection System (NIDS), directly analyzing measurement data to detect unseen activities. Training MIDS requires a labeled dataset of various attacks, and a hardware-in-the-loop (HIL) system is used for safer attack simulations. The main aim is to assess MIDS performance through machine learning (ML) on this dataset. Explainable artificial intelligence (XAI) is integrated for transparency in decision-making. Various ML models, such as random forest, achieve high accuracy in detecting anomalies, notably stealthy attacks, with a receiver operating curve (ROC) of 0.9999 and an accuracy of 0.9795. This highlights the importance of machine learning in securing ICS, supported by XAI’s explanatory power.

Original languageEnglish
Pages (from-to)314-331
Number of pages18
JournalJournal of Cybersecurity and Information Management
Volume15
Issue number1
DOIs
Publication statusPublished - Sept 2024

Keywords

  • Hardware in the Loop (HIL) System
  • Intrusion Detection
  • Machine Learning
  • Real-time Attack Detection
  • Stealthy Attacks

Cite this