An Intrusion Detection Method for Industrial Control System Based on Machine Learning
Open Access
- 3 July 2022
- journal article
- research article
- Published by MDPI AG in Information
- Vol. 13 (7), 322
- https://doi.org/10.3390/info13070322
Abstract
The integration of communication networks and the internet of industrial control in Industrial Control Systems (ICS) increases their vulnerability to cyber attacks, causing devastating outcomes. Traditional Intrusion Detection Systems (IDS) largely rely on predefined models and are trained mostly on specific cyber attacks, which means the traditional IDS cannot cope with unknown attacks. Additionally, most IDS do not consider the imbalanced nature of ICS datasets, thus suffering from low accuracy and high False Positive Rates when put to use. In this paper, we propose the NCO–double-layer DIFF_RF–OPFYTHON intrusion detection method for ICS, which consists of NCO modules, double-layer DIFF_RF modules, and OPFYTHON modules. Detected traffic will be divided into three categories by the double-layer DIFF_RF module: known attacks, unknown attacks, and normal traffic. Then, the known attacks will be classified into specific attacks by the OPFYTHON module according to the features of the attack traffic. Finally, we use the NCO module to improve the model input and enhance the accuracy of the model. The results show that the proposed method outperforms traditional intrusion detection methods, such as XGBoost and SVM. The detection of unknown attacks is also considerable. The accuracy on the dataset used in this paper reaches 98.13%. The detection rates for unknown attacks and known attacks reach 98.21% and 95.1%, respectively. Moreover, the method we proposed has achieved suitable results on other public datasets.