Anomaly Detection in ICS Datasets with Machine Learning Algorithms

An Intrusion Detection System (IDS) provides a front-line defense

mechanism for the Industrial Control System (ICS) dedicated to keeping the process

operations running continuously for 24 hours in a day and 7 days in a week.

A well-known ICS is the Supervisory Control and Data Acquisition (SCADA)

system. It supervises the physical process from sensor data and performs remote

monitoring control and diagnostic functions in critical infrastructures. The ICS

cyber threats are growing at an alarming rate on industrial automation applications.

Detection techniques with machine learning algorithms on public datasets,

suitable for intrusion detection of cyber-attacks in SCADA systems, as the first

line of defense, have been detailed. The machine learning algorithms have been

performed with labeled output for prediction classification. The activity traffic

between ICS components is analyzed and packet inspection of the dataset is performed

for the ICS network. The features of flow-based network traffic are

extracted for behavior analysis with port-wise profiling based on the data baseline,

and anomaly detection classification and prediction using machine learning algorithms

are performed.