Modern industrial systems and critical infrastructures are constantly exposed to malicious cyber-attacks that are challenging and difficult to identify. Cyber-attacks can cause severe economic losses and damage the attacked system if not detected accurately and timely. Therefore, designing an accurate and sensitive intrusion detection system is undoubtedly necessary to ensure the productivity and safety of industrial systems against cyber-attacks. This paper first introduces a stacked deep learning method to detect malicious attacks in SCADA systems. We also consider eleven machine learning models, including the Xtreme Gradient Boosting (XGBoost), Random forest, Bagging, support vector machines with different kernels, classification tree pruned by the minimum cross-validation and by 1-standard error rule, linear discriminate analysis, conditional inference tree, and the C5.0 tree. Real data sets with different kinds of cyber-attacks from two laboratory-scale SCADA systems, gas pipeline and water storage tank systems, are employed to evaluate the performance of the investigated methods. Seven evaluation metrics have been used to compare the investigated models (accuracy, sensitivity, specificity, precision, recall, F1-score, and area under curve, or AUC). Overall, results show that the XGBoost approach achieved superior detection performance than all other investigated methods. This could be due to its desirable characteristics to avoid overfitting, decreases the complexity of individual trees, robustness to outliers, and invariance to scaling and monotonic transformations of the features. Unexpectedly, the deep learning models are not providing the best performance in this case study, even with their extended capacity to capture complex features interactions.
|Original language||English (US)|
|Journal||International Journal of Critical Infrastructure Protection|
|State||Published - Jun 22 2022|
Bibliographical noteKAUST Repository Item: Exported on 2022-07-05
Acknowledged KAUST grant number(s): OSR-2019-CRG7-3800
Acknowledgements: Wu Wang's research is supported by the Fundamental Research Funds for the Central Universities, China and the Research Funds of Renmin University of China. This publication is based upon work supported by King Abdullah University of Science and Technology (KAUST), Saudi Arabia, Office of Sponsored Research (OSR) under Award No: OSR-2019-CRG7-3800.
ASJC Scopus subject areas
- Modeling and Simulation
- Information Systems and Management
- Computer Science Applications
- Safety, Risk, Reliability and Quality