Journal of Cybersecurity and Information Management

Journal DOI: https://doi.org/10.54216/JCIM

ISSN (Online): 2690-6775 | ISSN (Print): 2769-7851

Volume 15, Issue 1, PP: 314-331, 2025 | Full Length Article

Enhancing Anomaly Detection in Industrial Control Systems through Supervised Learning and Explainable Artificial Intelligence

Dhruv G. Bhatt 1, Parshad U. Kyada 2, Rajkumar Singh Rathore 3, M. K. Nallakaruppan 4 *, Faisal Mohammed Alotaibi 5, Rutvij H. Jhaveri 6

  • 1 Department of Computer Science and Engineering, School of Technology, Pandit Deendayal Energy University, Gandhinagar 382007, India - (dhruv.bhatt.info@gmail.com)
  • 2 Department of Computer Science and Engineering, School of Technology, Pandit Deendayal Energy University, Gandhinagar 382007, India - (parshadkyada2003@gmail.com)
  • 3 Department of Computer Science, Cardiff School of Technologies, Cardiff Metropolitan University, Llandaff Campus, CF5 2YB Cardiff, U.K - (rsrathore@cardiffmet.ac.uk)
  • 4 Balaji Institute of Modern Management, Sri Balaji University, Pune, Pincode-411033, India - (Nallakaruppan.K@bimmpune.edu.in)
  • 5 Department of Computer Science, Prince Sattam Bin Abdulaziz University, Al-Kharj, Riyadh 16278, Saudi Arabia - (faisal.alotaibi@psau.edu.sa)
  • 6 Department of Computer Science and Engineering, School of Technology, Pandit Deendayal Energy University, Gandhinagar 382007, India - (rutvij.jhaveri@sot.pdpu.ac.in)
  • Doi: https://doi.org/10.54216/JCIM.150125

    Received: April 18, 2024 Revised: June 15, 2024 Accepted: August 20, 2024
    Abstract

    This paper addresses industrial control system (ICS) security, focusing on the use of intrusion detection systems (IDS) to protect ICS networks. It suggests using a Measurement Intrusion Detection System (MIDS) rather than a Network Intrusion Detection System (NIDS); the MIDS analyzes measurement data directly to detect unseen activities. Training a MIDS requires a labeled dataset of various attacks, and a hardware-in-the-loop (HIL) system is used so that attacks can be simulated more safely. The main aim is to assess MIDS performance by applying machine learning (ML) to this dataset. Explainable artificial intelligence (XAI) is integrated to make the models' decision-making transparent. Various ML models, such as random forest, achieve high accuracy in detecting anomalies, notably stealthy attacks, with a receiver operating characteristic (ROC) value of 0.9999 and an accuracy of 0.9795. This highlights the importance of machine learning in securing ICS, supported by XAI's explanatory power.

    Keywords: Hardware in the Loop (HIL) System, Intrusion Detection, Machine Learning, Real-time Attack Detection, Stealthy Attacks


    Cite This Article As:
    Bhatt, D. G., Kyada, P. U., Rathore, R. S., Nallakaruppan, M. K., Alotaibi, F. M., Jhaveri, R. H. (2025). Enhancing Anomaly Detection in Industrial Control Systems through Supervised Learning and Explainable Artificial Intelligence. Journal of Cybersecurity and Information Management, 15(1), 314-331. DOI: https://doi.org/10.54216/JCIM.150125