Enhancing Industrial Control System Security: An Isolation Forest-based Anomaly Detection Model for Mitigating Cyber Threats

Md. Saif Mahmud

Department of Business, Engineering & Technology, Texas A&M University-Texarkana, Texas, USA.

Md. Ashikul Islam

Department of Electrical Engineering, Lamar University, Texas, USA.

Md. Maruf Rahman

Department of Business, Engineering & Technology, Texas A&M University-Texarkana, Texas, USA.

Debashon Chakraborty

Department of College of Business, Lamar University, Texas, USA.

Shaharier Kabir

Department of Electrical & Electronic Engineering, American International University-Bangladesh, Dhaka, Bangladesh.

Abu Shufian *

Department of Electrical & Electronic Engineering, American International University-Bangladesh, Dhaka, Bangladesh.

Protik Parvez Sheikh

Department of Electrical & Electronic Engineering, American International University-Bangladesh, Dhaka, Bangladesh.

*Author to whom correspondence should be addressed.


Abstract

In the evolving landscape of industrial control systems (ICS), the sophistication of cyber threats has necessitated the development of advanced anomaly detection mechanisms to safeguard critical infrastructure. This study introduces a novel anomaly detection model based on the Isolation Forest algorithm, tailored for the complex environment of ICS. Unlike traditional detection methods that often rely on predefined thresholds or patterns, our model capitalizes on the Isolation Forest's ability to efficiently isolate anomalies in high-dimensional datasets, making it particularly suited for the dynamic and intricate data generated by ICS. Leveraging the HAI dataset, which encompasses operational data from a realistic ICS testbed augmented with a Hardware-In-the-Loop (HIL) simulator, this research demonstrates the model's effectiveness in identifying both known and novel cyber threats across various ICS components. Our findings reveal that the Isolation Forest-based model outperforms traditional anomaly detection techniques in terms of detection accuracy, false positive rate, and computational efficiency. Furthermore, the model exhibits a remarkable ability to adapt to the evolving nature of cyber threats, underscoring its potential as a robust tool for enhancing the security posture of ICS. Through a detailed analysis of its application in detecting sophisticated attacks represented in the HAI dataset, this study contributes to the ongoing discourse on improving ICS security and presents a compelling case for the adoption of machine learning-based anomaly detection solutions in industrial settings.

Keywords: Anomaly detection, industrial control systems (ICS), isolation forest algorithm, cyber-physical systems (CPS), hardware-in-the-loop (HIL) simulation, adaptive threat detection


How to Cite

Mahmud, M. S., Islam, M. A., Rahman, M. M., Chakraborty, D., Kabir, S., Shufian, A., & Sheikh, P. P. (2024). Enhancing Industrial Control System Security: An Isolation Forest-based Anomaly Detection Model for Mitigating Cyber Threats. Journal of Engineering Research and Reports, 26(3), 161–173. https://doi.org/10.9734/jerr/2024/v26i31102
