Advanced Anomaly Detection in Energy Control Systems Using Machine Learning and Feature Engineering


Bibliographic Details
Published in: Cyber Security in Networking Conference (Online), pp. 15-21
Main Authors: Allal, Zaid; Noura, Hassan; Salman, Ola; Chehab, Ali
Format: Conference Proceeding
Language: English
Published: IEEE, 04.12.2024
ISSN: 2768-0029
DOI: 10.1109/CSNet64211.2024.10851741

Summary: Industrial Control Systems (ICSs) are integral to critical infrastructure and industrial processes, making their security paramount. As ICSs become increasingly interconnected, they are exposed to a range of cyber threats, necessitating advanced approaches for anomaly detection. This paper addresses the challenge of anomaly detection in ICSs by leveraging Machine Learning (ML) and data engineering techniques. It presents a novel framework integrating data preprocessing, feature engineering, and ML algorithms to enhance the detection of anomalies and cyberattacks in ICS energy environments. Specifically, the ICS Flow dataset was acquired and meticulously preprocessed. It underwent advanced feature selection techniques, including model-based importance averaging and feature engineering, to ensure optimal performance for both fault detection and anomaly diagnosis. For fault detection, XGBoost emerged as the most accurate model, achieving 99.9% accuracy with almost no misclassified instances, demonstrating its effectiveness in rapidly distinguishing between normal and malicious samples. These detected samples were passed to a second tier for anomaly diagnosis, where the Random Forest classifier achieved 99.9% and 100% accuracy in diagnosing threats such as port scan, replay, and Distributed Denial of Service (DDoS), with a slight margin of error for the Man-In-The-Middle (MITM) threat. The results highlight the framework's lightweight, accurate, and efficient capabilities, making it well-suited for real-time ICS energy systems, including smart grids and renewable energy-linked infrastructures.