Machine Learning-Based Detection of Anomalies, Intrusions, and Threats in Industrial Control Systems
Industrial Control Systems (ICS) are critical to the efficient operation of essential sectors such as manufacturing, energy, and water management. However, their increasing integration with IT systems exposes them to sophisticated cyberattacks, particularly lateral attacks targeting Programmable Log...
Main Authors: | Denis Benka, Dusan Horvath, Lukas Spendla, Gabriel Gaspar, Maximilian Stremy |
---|---|
Format: | Article |
Language: | English |
Published: | IEEE 2025-01-01 |
Series: | IEEE Access |
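Subjects: | Anomaly detection, intrusion detection systems, machine learning, threat detection, programmable logic controllers |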
Online Access: | https://ieeexplore.ieee.org/document/10843706/ |
_version_ | 1832586895243083776 |
---|---|
author | Denis Benka, Dusan Horvath, Lukas Spendla, Gabriel Gaspar, Maximilian Stremy |
author_sort | Denis Benka |
collection | DOAJ |
description | Industrial Control Systems (ICS) are critical to the efficient operation of essential sectors such as manufacturing, energy, and water management. However, their increasing integration with IT systems exposes them to sophisticated cyberattacks, particularly lateral attacks targeting Programmable Logic Controllers (PLCs). Advanced preventive measures are necessary because, despite their significance, many ICS continue to rely on outdated technologies with few security features. This paper proposes a machine learning (ML)-based approach to anomaly detection in ICS communication networks, focusing on techniques such as 1D Convolutional Neural Networks (CNNs), Long Short-Term Memory (LSTM) networks, Support Vector Machines (SVMs), and Isolation Forest (iForest) algorithms. We generated a dataset by capturing both normal and manipulated ICS communication patterns, including TCP/IP traffic. Simulated lateral attacks provided realistic data for training and testing the ML models. The results demonstrate that the 1D CNN model achieved the highest accuracy (0.92) and F1 score (0.91) with minimal processing time, making it ideal for real-time intrusion detection. This research highlights the potential of ML techniques to fortify ICS cybersecurity and lays the groundwork for future advancements in critical infrastructure resilience. |
format | Article |
id | doaj-art-e3328ace136945b7b14b454496f80de9 |
institution | Kabale University |
issn | 2169-3536 |
language | English |
publishDate | 2025-01-01 |
publisher | IEEE |
record_format | Article |
series | IEEE Access |
spelling | doaj-art-e3328ace136945b7b14b454496f80de9; 2025-01-25T00:01:34Z; eng; IEEE; IEEE Access; 2169-3536; 2025-01-01; 13; 12502; 12514; 10.1109/ACCESS.2025.3530902; 10843706; Machine Learning-Based Detection of Anomalies, Intrusions, and Threats in Industrial Control Systems; Denis Benka 0 https://orcid.org/0000-0002-7013-1546; Dusan Horvath 1 https://orcid.org/0000-0003-4138-5966; Lukas Spendla 2 https://orcid.org/0009-0002-4564-7740; Gabriel Gaspar 3 https://orcid.org/0000-0002-2550-1675; Maximilian Stremy 4 https://orcid.org/0000-0003-2918-0714; Institute of Applied Informatics, Automation and Mechatronics, Faculty of Materials Science and Technology, Slovak University of Technology in Bratislava, Trnava, Slovakia; Advanced Technologies Research Institute, Faculty of Materials Science and Technology in Trnava, Slovak University of Technology in Bratislava, Trnava, Slovakia; Institute of Applied Informatics, Automation and Mechatronics, Faculty of Materials Science and Technology, Slovak University of Technology in Bratislava, Trnava, Slovakia; Institute of Applied Informatics, Automation and Mechatronics, Faculty of Materials Science and Technology, Slovak University of Technology in Bratislava, Trnava, Slovakia; Advanced Technologies Research Institute, Faculty of Materials Science and Technology in Trnava, Slovak University of Technology in Bratislava, Trnava, Slovakia; Industrial Control Systems (ICS) are critical to the efficient operation of essential sectors such as manufacturing, energy, and water management. However, their increasing integration with IT systems exposes them to sophisticated cyberattacks, particularly lateral attacks targeting Programmable Logic Controllers (PLCs). Advanced preventive measures are necessary because, despite their significance, many ICS continue to rely on outdated technologies with few security features. This paper proposes a machine learning (ML)-based approach to anomaly detection in ICS communication networks, focusing on techniques such as 1D Convolutional Neural Networks (CNNs), Long Short-Term Memory (LSTM) networks, Support Vector Machines (SVMs), and Isolation Forest (iForest) algorithms. We generated a dataset by capturing both normal and manipulated ICS communication patterns, including TCP/IP traffic. Simulated lateral attacks provided realistic data for training and testing the ML models. The results demonstrate that the 1D CNN model achieved the highest accuracy (0.92) and F1 score (0.91) with minimal processing time, making it ideal for real-time intrusion detection. This research highlights the potential of ML techniques to fortify ICS cybersecurity and lays the groundwork for future advancements in critical infrastructure resilience.; https://ieeexplore.ieee.org/document/10843706/; Anomaly detection; intrusion detection systems; machine learning; threat detection; programmable logic controllers |
title | Machine Learning-Based Detection of Anomalies, Intrusions, and Threats in Industrial Control Systems |
topic | Anomaly detection, intrusion detection systems, machine learning, threat detection, programmable logic controllers |
url | https://ieeexplore.ieee.org/document/10843706/ |