Machine Learning-Based Detection of Anomalies, Intrusions, and Threats in Industrial Control Systems

Machine Learning-Based Detection of Anomalies, Intrusions, and Threats in Industrial Control Systems

Industrial Control Systems (ICS) are critical to the efficient operation of essential sectors such as manufacturing, energy, and water management. However, their increasing integration with IT systems exposes them to sophisticated cyberattacks, particularly lateral attacks targeting Programmable Log...

Full description

Saved in:
Bibliographic Details
Main Authors: Denis Benka, Dusan Horvath, Lukas Spendla, Gabriel Gaspar, Maximilian Stremy
Format: Article
Language:English
Published: IEEE 2025-01-01
Series:IEEE Access
Subjects:
Anomaly detection
intrusion detection systems
machine learning
threat detection
programmable logic controllers
Online Access:https://ieeexplore.ieee.org/document/10843706/
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Industrial Control Systems (ICS) are critical to the efficient operation of essential sectors such as manufacturing, energy, and water management. However, their increasing integration with IT systems exposes them to sophisticated cyberattacks, particularly lateral attacks targeting Programmable Logic Controllers (PLCs). Advanced preventive measures are necessary because, despite their significance, many ICS continue to rely on outdated technologies with few security features. This paper proposes a machine learning (ML)-based approach to anomaly detection in ICS communication networks, focusing on techniques such as 1D Convolutional Neural Networks (CNNs), Long Short-Term Memory (LSTM) networks, Support Vector Machines (SVMs), and Isolation Forest (iForest) algorithms. We generated a dataset by capturing both normal and manipulated ICS communication patterns, including TCP/IP traffic. Simulated lateral attacks provided realistic data for training and testing the ML models. The results demonstrate that the 1D CNN model achieved the highest accuracy (0.92) and F1 score (0.91) with minimal processing time, making it ideal for real-time intrusion detection. This research highlights the potential of ML techniques to fortify ICS cybersecurity and lays the groundwork for future advancements in critical infrastructure resilience.
ISSN:2169-3536

Similar Items