Evaluating Machine Learning techniques for ICS security: insights from dataset limitations and classifier performance

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

Abstract

The security of Industrial Control Systems (ICSs) is critical for the operation of essential infrastructure like energy, water, and transportation. However, ICS communication protocols often lack essential security features, making them vulnerable to advanced persistent threat (APT) attacks, as evidenced by cyberattacks like Stuxnet and Triton. One potential solution is deploying Intrusion Detection Systems (IDS) to monitor network traffic and detect intrusions. While Machine Learning (ML) and Deep Learning (DL) have shown promise for IDS, testing these methods in real ICS environments is impractical due to the risk of disruptions and the challenge of labeling data without altering system functionality. This study compares the performance of several ML classifiers, including Logistic Regression, Decision Tree, XGBoost, Random Forest, ANN, LightGBM, and SVM, in detecting ICS cyberattacks. The classifiers generally performed well but showed variations depending on the type of attack. For instance, Decision Tree, Random Forest, and SVM excelled in detecting DDoS attacks, while performance dropped for PortScan attacks. LightGBM outperformed others across multiple attack types, with F-scores between 0.993 and 1.000. The study highlights the importance of comprehensive, labeled datasets for improving IDS effectiveness in ICS environments.
Original language: English
Title of host publication: 2024 International Mobile, Intelligent, and Ubiquitous Computing Conference (MIUCC)
Publisher: IEEE/IAPR
Pages: 368-373
Number of pages: 6
ISBN (Electronic): 9798350367775
ISBN (Print): 9798350367782
Publication status: Published - 16 Dec 2024
Event: 2024 International Mobile, Intelligent, and Ubiquitous Computing Conference (MIUCC) - Cairo, Egypt
Duration: 13 Nov 2024 - 14 Nov 2024

Conference

Conference: 2024 International Mobile, Intelligent, and Ubiquitous Computing Conference (MIUCC)
Period: 13/11/24 - 14/11/24

Keywords

  • Support vector machines
  • Intrusion detection
  • Transportation
  • Denial-of-service attack
  • Ubiquitous computing
  • Security
  • Decision trees
  • Computer crime
  • Random forests
  • Testing
