Cyber-attacks detection in industrial systems using artificial intelligence-driven methods

Wu Wang, Fouzi Harrou, Benamar Bouyeddou, Sidi Mohammed Senouci, Ying Sun

Research output: Contribution to journalArticlepeer-review

26 Scopus citations

Abstract

Modern industrial systems and critical infrastructures are constantly exposed to malicious cyber-attacks that are challenging and difficult to identify. Cyber-attacks can cause severe economic losses and damage the attacked system if not detected accurately and timely. Therefore, designing an accurate and sensitive intrusion detection system is undoubtedly necessary to ensure the productivity and safety of industrial systems against cyber-attacks. This paper first introduces a stacked deep learning method to detect malicious attacks in SCADA systems. We also consider eleven machine learning models, including the Xtreme Gradient Boosting (XGBoost), Random forest, Bagging, support vector machines with different kernels, classification tree pruned by the minimum cross-validation and by 1-standard error rule, linear discriminate analysis, conditional inference tree, and the C5.0 tree. Real data sets with different kinds of cyber-attacks from two laboratory-scale SCADA systems, gas pipeline and water storage tank systems, are employed to evaluate the performance of the investigated methods. Seven evaluation metrics have been used to compare the investigated models (accuracy, sensitivity, specificity, precision, recall, F1-score, and area under curve, or AUC). Overall, results show that the XGBoost approach achieved superior detection performance than all other investigated methods. This could be due to its desirable characteristics to avoid overfitting, decreases the complexity of individual trees, robustness to outliers, and invariance to scaling and monotonic transformations of the features. Unexpectedly, the deep learning models are not providing the best performance in this case study, even with their extended capacity to capture complex features interactions.
Original languageEnglish (US)
Pages (from-to)100542
JournalInternational Journal of Critical Infrastructure Protection
Volume38
DOIs
StatePublished - Jun 22 2022

Bibliographical note

KAUST Repository Item: Exported on 2022-07-05
Acknowledged KAUST grant number(s): OSR-2019-CRG7-3800
Acknowledgements: Wu Wang's research is supported by the Fundamental Research Funds for the Central Universities, China and the Research Funds of Renmin University of China. This publication is based upon work supported by King Abdullah University of Science and Technology (KAUST), Saudi Arabia, Office of Sponsored Research (OSR) under Award No: OSR-2019-CRG7-3800.

ASJC Scopus subject areas

  • Modeling and Simulation
  • Information Systems and Management
  • Computer Science Applications
  • Safety, Risk, Reliability and Quality

Fingerprint

Dive into the research topics of 'Cyber-attacks detection in industrial systems using artificial intelligence-driven methods'. Together they form a unique fingerprint.

Cite this