№2, 2023


Ramiz H. Shikhaliyev

In recent decades, information technology has been integrated into industrial control systems (ICS). At the same time, there was a connection of the ICS to the Internet and a transition to cloud computing. Consequently, new vulnerabilities and threats to sophisticated cyberattacks have emerged that create significant risks for the cybersecurity of ICS, and the old security model based on the isolation of ICS is no longer able to ensure their cybersecurity. This situation makes it very important to intellectualize the cybersecurity of ICS, for which machine learning (ML) methods are used. The use of ML methods will make it possible to detect cybersecurity problems of ICS at an early stage, as well as eliminate their consequences without real damage. This paper discusses the issues of ICS intrusion detection based on ML methods. The work can help in the choice of ML methods for solving anomaly detection problems of ICS (pp.37-48).

Keywords: Industrial control systems, Intrusion detection, Anomaly detection, Machine learning
  • Antoine L, José M. (2016). Providing SCADA network data sets for intrusion detection research. In: 9th USENIX workshop on security experimentation and test.
  • Ashok A., Hahn A., and Govindarasu M. (2014). Cyber-physical security of wide-area monitoring, protection and control in a smart grid environment, J. Adv. Res., vol. 5, pp. 481–489.
  • Bonnie Z., and Sastry S. (2010). SCADA-specific intrusion detection/prevention systems: a survey and taxonomy, Proc. of the 1st Workshop on Secure Control Systems (SCS).
  • Brenner J. F. (2013). Eyes wide shut: The growing threat of cyber attacks on industrial control systems,” Bull. At. Sci., vol. 69, p. 15.
  • Cao Y., Zhang L, Zhao X., Jin K. and Chen Z. (2022). An Intrusion Detection Method for Industrial Control System Based on Machine Learning, Information, 13(7), 322; https://doi.org/10.3390/info13070322
  • Case D. (2016). Analysis of the cyber attack on the ukrainian power grid. Electricity Information Sharing and Analysis Center (E-ISAC) 388.
  • Chen T., Lin P. and Ling J. (2019). An Intrusion Detection Method for Industrial Control System Based on Gate Recurrent Unit, Journal of Physics: Conference Series, 1302 022016,
  • https://doi.org/10.1088/1742-6596/1302/2/022016
  • Dhirani L, Armstrong E., and Newe T. (2021). Industrial IoT Cyber Threats, and Standards Landscape: Evaluation and Roadmap, Sensors (Basel). 21(11): 3901, https://doi.org/10.3390/s21113901
  • Fovino, I. N. (2014). SCADA system cyber security. In K. Markantonakis & K. Mayes (Eds.), Secure smart embedded devices, platforms and applications (pp. 451–471). New York, NY: Springer Science + Business Media. https://doi.org/10.1007/978-1-4614-7915-4_20.
  • Gao W. and Morris T. H. (2014). On Cyber Attacks and Signature Based Intrusion Detection for MODBUS Based Industrial Control Systems. Journal of Digital Forensics, Security and Law, vol. 9, 1, 37–56.
  • Ghanem K., Aparicio-Navarro F.J., Kyriakopoulos K.G., Lambotharan S., Chambers J.A. (2017). Support Vector Machine for Network Intrusion and Cyber-Attack Detection, Institute of Electrical and Electronics Engineers (IEEE), 1(1), https://core.ac.uk/works/18504183
  • Goh J., Adepu S., Junejo K.N. (2016). A dataset to support research in the design of secure water treatment systems. In: 11th international conference on critical information infrastructures security. Springer, Cham.
  • Helm, J. M., Swiergosz, A. M., Haeberle, H. S.,Karnuta, J. M., Schaffer, J. L., Krebs, V. E., ... & Ramkumar, P. N. (2020). Machine learning and artificial intelligence: definitions, applications, and future directions. Current reviews in musculoskeletal medicine, 13(1), 69-76.
  • Hemavati Er. and Aparna R. (2019). A Survey on Intrusion Detection System using Machine Learning and Deep Learning, International Journal of Scientific Research in Computer Science, Engineering and Information Technology, 5(2), https://doi.org/10.32628/CSEIT195264
  • Hu Y., Yang A., Li H., Sun Y., and Sun L. (2018). A survey of intrusion detection on industrial control systems, International Journal of Distributed Sensor Networks, 14(8):155014771879461, https://doi.org/10.1177/1550147718794615
  • Igure, V., Laughter, S., & Williams, R. (2006). Security issues in SCADA networks. Computers and Society, 25 (7), 498–506.
  • Jiang D., and Zhao J. (2019). Machine Learning in Industrial Control System Security: A Survey, Proceedings of 2019 Chinese Intelligent Systems Conference, pp. 310-317, https://doi.org/10.1007/978-981-32-9698-5_35
  • Junejo K. N. (2020). Predictive safety assessment for storage tanks of water cyber physical systems using machine learning. Sadhana 45, 1 (2020), 1–16.
  • Kanade V. (2021). What Is Advanced Persistent Threat? Definition, Lifecycle, Identification, and Management Best Practices,
  • https://www.spiceworks.com/it-security/vulnerability-management/articles/what-is-advanced-persistent-threat/
  • Stoufler K., Lightman S. and Abrams M. (2014). Guide to industrial control systems Security, NIST special publication 800-82.May.
  • Koay A., Ko R., Hettema H. and Radke K. (2022). Machine learning in industrial control system (ICS) security: current landscape, opportunities and challenges, Journal of Intelligent Information Systems, 60, pp. 377-405.
  • Langner, R. (2011). Stuxnet: Dissecting a cyberwarfare weapon. IEEE Security & Privacy, 9(3), 49-51.
  • Liu Y., Ning P., and Reiter M. K. (2011). False data injection attacks against state estimation in electric power grids, ACM Trans. Inf. Syst. Secur., vol. 14, pp. 1-33.
  • Maglaras L. A., Jiang J. (2014). Intrusion Detection in SCADA Systems Using Machine Learning Techniques, Science and Information Conference (SAI), pp. 626-631.
  • Mitchell R. and Chen I.-R. (2015). Behavior Rule SpeciŠcation-based Intrusion Detection for Safety Critical Medical Cyber Physical Systems. Dependable and Secure Computing, IEEE Transactions on 12(1), pp.16–30.
  • Morris T, Zach T, Ian T. (2015). Industrial control system simulation and data logging for intrusion detection system research. In: 7th annual southeastern cyber security summit.
  • Mubarak S., Habaebi M., Islam R., Rahman F. and Tahir M. (2021). Anomaly Detection in ICS Datasets with Machine Learning Algorithms, Computer Systems Science & Engineering, , https:// doi.org/10.32604/csse.2021.014384
  • Nicolas F., Murchu L. O , and Chien E. (2014). W32.Stuxnet Dossier, Symantec.
  • Nicolas F., Murchu L. O. (2011). W32.Stuxnet Dossier. Cupertino, CA, USA: Symantec. Retrieved November 8, 2015
  • https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf.
  • Pan S, Morris T, Adhikari U. (2015). Classification of disturbances and cyber-attacks in power systems using heterogeneous time-synchronized data. 11th IEEE Trans Ind Inf 11(3), pp.:650–662.
  • Pan S, Morris T, Adhikari U. (2015). Developing a hybrid intrusion detection system using data mining for power systems. IEEE Trans Smart Grid 6(6):1
  • Pasqualetti F., Dorfler F., and Bullo F. (2015). Control-Theoretic Methods for Cyberphysical Security: Geometric Principles for Optimal Cross-Layer Resilient Control Systems,” IEEE Control Syst., vol. 35, no. 1, pp. 110–127.
  • Pasqualetti F., Dörfler F., and Bullo F. (2013). Attack Detection and Identi fi cation in Cyber-Physical Systems, IEEE Trans. Automat. Contr., vol. 58, no. 11, pp. 2715–2729.
  • Pinto A., Herrera L.-C., Donoso Y., and Gutierrez J. (2023). Survey on Intrusion Detection Systems Based on Machine Learning Techniques for the Protection of Critical Infrastructure, Sensors, 23(5), 2415, https://doi.org/10.3390/s23052415
  • Reaves, B., and Morris, T. (2012). Analysis and mitigation of vulnerabilities in short-range wireless communications for industrial control systems. International Journal of Critical Infrastructure Protection, 5 (3-4), 154–174.
  • doi: 10.1016/j.ijcip.2012.10.001
  • Russel, J. (2015). A brief history of SCADA/EMS, http://scadahistory.com/
  • Smith R. S. (2011). .A decoupled feedback structure for covertly appropriating networked control systems, in IFAC Proceedings Volumes (IFAC-PapersOnline), vol. 18, pp. 90–95.
  • Stefanidis K., Voyiatzis A. G. (2016). An HMM-Based Anomaly Detection Approach for SCADA Systems, in IFIP International Conference on Information Security Theory and Practice, pp. 85-99, Springer International Publishing.
  • Truong T. C., Diep Q. B., Zelinka I. (2020). Artificial Intelligence in the Cyber Domain: Offence and Defense, Symmetry, 12(3):410.
  • https://doi.org/10.3390/sym12030410
  • Van Der Zwan E. (2010). Security of Industrial Control Systems, What to Look For, ISACA J. Online, 4(10), pp. 1-9.
  • Wang C., Wang B., Sun Y., Wei Y., Wang K., Zhang H.,and Liu H. (2021). Intrusion Detection for Industrial Control Systems Based on Open Set Artificial Neural Network, Security and Communication Networks, 4027900, https://doi.org/10.1155/2021/4027900
  • Yasakethu S. L. P., Jiang J. (2013). Intrusion Detection via Machine Learning for SCADA System Protection, in Proceedings of the 1st International Symposium on ICS & SCADA Cyber Security Research, pp. 101-105.
  • Zakarya D., Ahmed S., Olivier V. (2015). Analysis of Cyber Security for Industrial Control Systems, International Conference on Cyber Security of Smart Cities, Industrial Control System and Communications (SSIC).
  • Zhang Y. G., Zhang W., Xue X. R., Yang X. J. (2013). SCADA Intrusion Detection System Based on Self-Learning Semi-Supervised One-Class Support Vector Machine, Metallurgical Industry Automation, vol. 37(2), pp. 1-5.