ICS-IDS: application of big data analysis in AI-based intrusion detection systems to identify cyberattacks in ICS networks

The growing volume of data, especially in cases of imbalanced datasets, has posed significant challenges in the classification process, particularly when it comes to identifying cyberattacks on industrial control systems (ICS) networks, which have been a source of concern due to the significant dest...

Full description

Saved in:
Bibliographic Details
Published inThe Journal of supercomputing Vol. 80; no. 6; pp. 7876 - 7905
Main Authors Ali, Bakht Sher, Ullah, Inam, Al Shloul, Tamara, Khan, Izhar Ahmed, Khan, Ijaz, Ghadi, Yazeed Yasin, Abdusalomov, Akmalbek, Nasimov, Rashid, Ouahada, Khmaies, Hamam, Habib
Format Journal Article
LanguageEnglish
Published New York Springer US 01.04.2024
Springer Nature B.V
Subjects
Big Data
Classification
Compilers
Computer Science
Control systems
Critical infrastructure
Data analysis
Datasets
Discriminant analysis
Industrial electronics
Interpreters
Intrusion detection systems
Networks
Processor Architectures
Programming Languages
Deep learning
Big data
Cyber security
Intrusion detection
Machine learning
SCADA
Online AccessGet full text
ISSN0920-8542
1573-0484
DOI10.1007/s11227-023-05764-5

Cover

More Information
Summary:The growing volume of data, especially in cases of imbalanced datasets, has posed significant challenges in the classification process, particularly when it comes to identifying cyberattacks on industrial control systems (ICS) networks, which have been a source of concern due to the significant destructive impact of viruses such as Slammer, worms, Stuxnet, Duqu, Seismic Net, and Flame on critical infrastructures in various countries. The key challenge is constructing the intrusion detection system (IDS) framework to deal with imbalanced datasets. Many researchers work especially on binary classification, but multi-classification is a more challenging and still active research area. To deal with the multi-class imbalanced classification problem, we outline an instance-based intrusion detection technique named ICS-IDS, for intrusion detection in ICS systems specific to SCADA networks. The developed technique consists of two core components, the data preparation component, and the detection component. The data preparation component uses the normalization, Fisher Discriminant Analysis, and k-neighbor’s method to scale the data, reduce the dimensionality, and resample the dataset, respectively. To learn the latent representations and discern harmful vectors from attacked data, the detection/recognition component leverages an efficient instance-based learner. The proposed ICS-IDS model outperforms existing attractive methods in detecting sophisticated attack vectors in ICS data, achieving 99% accuracy and 99% detection rates (DR) on an industrial network dataset. This proves the methodology's practicality for implementing security in real-world ICS networks.
Bibliography:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ISSN:0920-8542
1573-0484
DOI:10.1007/s11227-023-05764-5