Super Learner Ensemble for Anomaly Detection and Cyber-Risk Quantification in Industrial Control Systems


Industrial control systems (ICSs) are integral parts of smart cities and critical to modern societies. Despite indisputable opportunities introduced by disruptor technologies, they proliferate the cybersecurity threat landscape, which is increasingly more hostile. The quantum of sensors utilized by ICS aided by artificial intelligence (AI) enables data collection capabilities to facilitate automation, process streamlining, and cost reduction. However, apart from the operational use, the sensors generated data combined with AI can be innovatively utilized to model anomalous behavior as part of layered security to increase resilience to cyberattacks. We introduce a framework to profile anomalous behavior in ICS and derive a cyber-risk score. A novel super learner ensemble for one-class classification is developed, using overlapping rolling windows with stratified, k-fold, n-repeat cross-validation applied to each base learner followed by majority voting to derive the best learner. Our approach is demonstrated on a liquid distribution sensor data set. The experimental results reveal that the proposed technique achieves an overall F1-score of 99.13%, an anomalous recall score of 99% detecting anomalies lasting only 17 s. The key strength of the framework is the low computational complexity and error rate. The framework is modular, generic, applicable to other ICS, and transferable to other smart city sectors.

Publication DOI:
Divisions: College of Business and Social Sciences > Aston Business School > Cyber Security Innovation (CSI) Research Centre
College of Business and Social Sciences > Aston Business School > Operations & Information Management
Additional Information: Copyright © 2022 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Uncontrolled Keywords: machine learning,cyber-physical systems,cyber security,digital forensic and incident response,supervisory control and data acquisition,SCADA,programmable logic controllers,PLC,human machine interface,HMI,industry 4.0,internet of things,smart city,insider threat,cyber resilience
Publication ISSN: 2327-4662
Last Modified: 28 Feb 2024 08:26
Date Deposited: 02 Feb 2023 13:56
Full Text Link:
Related URLs: https://ieeexpl ... ocument/9684524 (Publisher URL)
http://www.scop ... tnerID=8YFLogxK (Scopus URL)
PURE Output Type: Article
Published Date: 2022-08-01
Published Online Date: 2022-01-18
Accepted Date: 2022-01-03
Authors: Ahmadi-Assalemi, Gabriela
Al-Khateeb, Haider (ORCID Profile 0000-0001-8944-123X)
Epiphaniou, Gregory
Aggoun, Amar

Export / Share Citation


Additional statistics for this record