Cyber-attacks detection in industrial systems using artificial intelligence-driven methods

Wu Wang, Fouzi Harrou, Benamar Bouyeddou, Sidi Mohammed Senouci, Ying Sun

Research output: Contribution to journalArticlepeer-review

31 Scopus citations

Abstract

Modern industrial systems and critical infrastructures are constantly exposed to malicious cyber-attacks that are challenging and difficult to identify. Cyber-attacks can cause severe economic losses and damage the attacked system if not detected accurately and timely. Therefore, designing an accurate and sensitive intrusion detection system is undoubtedly necessary to ensure the productivity and safety of industrial systems against cyber-attacks. This paper first introduces a stacked deep learning method to detect malicious attacks in SCADA systems. We also consider eleven machine learning models, including the Xtreme Gradient Boosting (XGBoost), Random forest, Bagging, support vector machines with different kernels, classification tree pruned by the minimum cross-validation and by 1-standard error rule, linear discriminate analysis, conditional inference tree, and the C5.0 tree. Real data sets with different kinds of cyber-attacks from two laboratory-scale SCADA systems, gas pipeline and water storage tank systems, are employed to evaluate the performance of the investigated methods. Seven evaluation metrics have been used to compare the investigated models (accuracy, sensitivity, specificity, precision, recall, F1-score, and area under curve, or AUC). Overall, results show that the XGBoost approach achieved superior detection performance than all other investigated methods. This could be due to its desirable characteristics to avoid overfitting, decreases the complexity of individual trees, robustness to outliers, and invariance to scaling and monotonic transformations of the features. Unexpectedly, the deep learning models are not providing the best performance in this case study, even with their extended capacity to capture complex features interactions.
Original languageEnglish (US)
Pages (from-to)100542
JournalInternational Journal of Critical Infrastructure Protection
Volume38
DOIs
StatePublished - Jun 22 2022

ASJC Scopus subject areas

  • Modeling and Simulation
  • Information Systems and Management
  • Computer Science Applications
  • Safety, Risk, Reliability and Quality

Fingerprint

Dive into the research topics of 'Cyber-attacks detection in industrial systems using artificial intelligence-driven methods'. Together they form a unique fingerprint.

Cite this