IIUM Repository

Industrial datasets with ICS testbed and attack detection using machine learning techniques

Mubarak, Sinil and Habaebi, Mohamed Hadi and Islam, Md. Rafiqul and Balla, Asaad and Tahir, Mohammad and Elsheikh, Elfatih A. A. and Suliman, F. M. (2021) Industrial datasets with ICS testbed and attack detection using machine learning techniques. Intelligent Automation & Soft Computing, 31 (3). pp. 1345-1360. ISSN 1079-8587 E-ISSN 2326-005X

Abstract

Industrial control systems (ICS) are the backbone for the implementation of cybersecurity solutions. They are susceptible to various attacks due to openness in connectivity, unauthorized attempts, malicious attacks, use of more commercial off-the-shelf (COTS) software and hardware, and implementation of Internet protocols (IP) that exposes them to the outside world. Cybersecurity solutions for information technology (IT), secured with firewalls and intrusion detection/protection systems, do little for operational technology (OT) ICS. An innovative concept of using a real operational technology network traffic-based testbed for cyber-physical system simulation and analysis is presented. The testbed is equipped with real-time attacks using an in-house penetration test tool with reconnaissance, interception, and firmware analysis scenarios. The test cases with different real-time hacking scenarios are implemented with the ICS cyber test kit, and its industrial datasets are captured, which can be utilized for deep packet inspection (DPI). DPI provides more visibility into the contents of OT network traffic based on OT protocols. Machine learning (ML) techniques are deployed for cyber-attack detection on datasets from the cyber kit. Performance metrics such as accuracy, precision, recall, and F1 score are evaluated and cross-validated for different ML algorithms for anomaly detection. The decision tree (DT) ML technique is optimized with a pruning method, which provides an attack detection accuracy of 96.5%. Deep learning (DL) techniques have been used recently for enhanced OT intrusion detection performance.

Item Type: Article (Journal)
Additional Information: 6727/92973
Uncontrolled Keywords: industrial control system; intrusion detection system; machine learning; anomaly detection
Subjects: T Technology > TK Electrical engineering. Electronics Nuclear engineering
T Technology > TK Electrical engineering. Electronics Nuclear engineering > TK7800 Electronics. Computer engineering. Computer hardware. Photoelectronic devices
Kulliyyahs/Centres/Divisions/Institutes: Kulliyyah of Engineering
Kulliyyah of Engineering > Department of Electrical and Computer Engineering
Depositing User: Dr. Mohamed Hadi Habaebi
Date Deposited: 12 Oct 2021 09:05
Last Modified: 18 Nov 2021 09:37
URI: http://irep.iium.edu.my/id/eprint/92973
