TY - JOUR
T1 - Cyber-attacks detection in industrial systems using artificial intelligence-driven methods
AU - Wang, Wu
AU - Harrou, Fouzi
AU - Bouyeddou, Benamar
AU - Senouci, Sidi Mohammed
AU - Sun, Ying
N1 - KAUST Repository Item: Exported on 2022-07-05
Acknowledged KAUST grant number(s): OSR-2019-CRG7-3800
Acknowledgements: Wu Wang's research is supported by the Fundamental Research Funds for the Central Universities, China and the Research Funds of Renmin University of China. This publication is based upon work supported by King Abdullah University of Science and Technology (KAUST), Saudi Arabia, Office of Sponsored Research (OSR) under Award No: OSR-2019-CRG7-3800.
PY - 2022/6/22
Y1 - 2022/6/22
N2 - Modern industrial systems and critical infrastructures are constantly exposed to malicious cyber-attacks that are challenging and difficult to identify. Cyber-attacks can cause severe economic losses and damage the attacked system if not detected accurately and in a timely manner. Therefore, designing an accurate and sensitive intrusion detection system is undoubtedly necessary to ensure the productivity and safety of industrial systems against cyber-attacks. This paper first introduces a stacked deep learning method to detect malicious attacks in SCADA systems. We also consider eleven machine learning models, including eXtreme Gradient Boosting (XGBoost), Random forest, Bagging, support vector machines with different kernels, classification tree pruned by the minimum cross-validation and by the 1-standard-error rule, linear discriminant analysis, conditional inference tree, and the C5.0 tree. Real data sets with different kinds of cyber-attacks from two laboratory-scale SCADA systems, gas pipeline and water storage tank systems, are employed to evaluate the performance of the investigated methods. Seven evaluation metrics have been used to compare the investigated models (accuracy, sensitivity, specificity, precision, recall, F1-score, and area under curve, or AUC). Overall, results show that the XGBoost approach achieved detection performance superior to that of all other investigated methods. This could be due to its desirable characteristics: avoidance of overfitting, reduced complexity of individual trees, robustness to outliers, and invariance to scaling and monotonic transformations of the features. Unexpectedly, the deep learning models do not provide the best performance in this case study, even with their extended capacity to capture complex feature interactions.
AB - Modern industrial systems and critical infrastructures are constantly exposed to malicious cyber-attacks that are challenging and difficult to identify. Cyber-attacks can cause severe economic losses and damage the attacked system if not detected accurately and in a timely manner. Therefore, designing an accurate and sensitive intrusion detection system is undoubtedly necessary to ensure the productivity and safety of industrial systems against cyber-attacks. This paper first introduces a stacked deep learning method to detect malicious attacks in SCADA systems. We also consider eleven machine learning models, including eXtreme Gradient Boosting (XGBoost), Random forest, Bagging, support vector machines with different kernels, classification tree pruned by the minimum cross-validation and by the 1-standard-error rule, linear discriminant analysis, conditional inference tree, and the C5.0 tree. Real data sets with different kinds of cyber-attacks from two laboratory-scale SCADA systems, gas pipeline and water storage tank systems, are employed to evaluate the performance of the investigated methods. Seven evaluation metrics have been used to compare the investigated models (accuracy, sensitivity, specificity, precision, recall, F1-score, and area under curve, or AUC). Overall, results show that the XGBoost approach achieved detection performance superior to that of all other investigated methods. This could be due to its desirable characteristics: avoidance of overfitting, reduced complexity of individual trees, robustness to outliers, and invariance to scaling and monotonic transformations of the features. Unexpectedly, the deep learning models do not provide the best performance in this case study, even with their extended capacity to capture complex feature interactions.
UR - http://hdl.handle.net/10754/679596
UR - https://linkinghub.elsevier.com/retrieve/pii/S1874548222000300
UR - http://www.scopus.com/inward/record.url?scp=85132770728&partnerID=8YFLogxK
U2 - 10.1016/j.ijcip.2022.100542
DO - 10.1016/j.ijcip.2022.100542
M3 - Article
SN - 1874-5482
VL - 38
SP - 100542
JO - International Journal of Critical Infrastructure Protection
JF - International Journal of Critical Infrastructure Protection
ER -