TY - JOUR
T1 - Feature-driven Anomalous Behaviour Detection and Incident Classification Model for ICS in Water Treatment Plants
AU - Ahmadi-Assalemi, Gabriela
AU - Al-Khateeb, Haider
AU - Makonese, Tanaka Laura
AU - Benson, Vladlena
AU - Khan, Samiya
AU - Butt, Usman Javed
PY - 2023/6/22
Y1 - 2023/6/22
N2 - Industry 5.0 envisions humans working alongside emerging technologies and enabled by the fusion of devices and sensors using Information and Communication Technologies (ICT) to facilitate process automation, monitoring and distributed control in Industrial Control Systems (ICS). However, the application of disruptor technologies and exposure of insecure devices broadens the attack surface making ICS an attractive target for sophisticated threat actors. Furthermore, ICS deliver a range of critical services hence disruption of industrial operations and services could have serious consequences. This study proposes an anomaly-based intrusion detection system for a water treatment plant based on a new model to determine variable significance for improved detection accuracy using Machine Learning (ML) algorithms coupled with incident classification based on functional impact. Determining statistical significance for independent ICS variables was addressed using logistic regression. Overall, thirty-nine variables are deemed relevant in diagnosing the system state of the ICS operation to be expected or under attack. Our approach is validated using the Secure Water Treatment (SWaT) testbed. Experimental results reveal that anomaly detection was effective using k-NN, ANN and SVM achieving an F1-score of 0.99, 0.98 and 0.97 respectively.
KW - Critical national infrastructure
KW - fifth industrial revolution
KW - operational technology
KW - smart city
KW - APT
KW - artificial intelligence
UR - https://www.inderscience.com/info/ingeneral/forthcoming.php?jcode=ijesdf
U2 - 10.1504/IJESDF.2025.10058572
DO - 10.1504/IJESDF.2025.10058572
M3 - Article
SN - 1751-911X
JO - International Journal of Electronic Security and Digital Forensics
JF - International Journal of Electronic Security and Digital Forensics
ER -