Article
Open Access
Cyberattack detection on SWaT plant industrial control systems using machine learning
1 School of Information Technology and Electrical Engineering, University of Queensland
2 Centre for Accident Research and Road Safety, Queensland University of Technology
  • Citation
    Jaradat S, Komol MM, Elhenawy M, Dong N. Cyberattack detection on SWaT plant industrial control systems using machine learning. Artif. Intell. Auton. Syst. 2024(2):0006, https://doi.org/10.55092/aias20240006. 
  • DOI
    10.55092/aias20240006
  • Copyright
    Copyright 2024 by the authors. Published by ELSP.
Abstract

Detecting cyberattacks is critical for maintaining the security and integrity of industrial control systems (ICSs). This study introduces a machine learning approach for identifying cyberattacks on the Secure Water Treatment (SWaT) plant testbed. The dataset, sourced from the Singapore University of Technology and Design, includes data from 51 sensors and actuators. The research employs a Long Short-Term Memory (LSTM) network alongside traditional machine learning algorithms like Random Forest (R.F.), Support Vector Machine (SVM), and K-Nearest Neighbour (KNN) to classify cyberattacks. The LSTM model outperformed the other methods, achieving a test accuracy of 98.02% (cyberattack: 97.80%, non-attack: 98.30%). Given the imbalanced nature of the dataset, additional metrics such as precision, recall, and F1 score were evaluated, further confirming the LSTM model’s robustness compared to traditional algorithms. This research demonstrates the LSTM network’s effectiveness in enhancing cybersecurity for ICSs and underscores the need for proactive strategies in detecting and mitigating cyber threats.

Keywords

cyberattack detection; water treatment plant; machine learning; long short-term memory (LSTM)
