Feature-driven Anomalous Behaviour Detection and Incident Classification Model for ICS in Water Treatment Plants


Industry 5.0 envisions humans working alongside emerging technologies and enabled by the fusion of devices and sensors using Information and Communication Technologies (ICT) to facilitate process automation, monitoring and distributed control in Industrial Control Systems (ICS). However, the application of disruptor technologies and exposure of insecure devices broadens the attack surface making ICS an attractive target for sophisticated threat actors. Furthermore, ICS deliver a range of critical services hence disruption of industrial operations and services could have serious consequences. This study proposes an anomaly-based intrusion detection system for a water treatment plant based on a new model to determine variable significance for improved detection accuracy using Machine Learning (ML) algorithms coupled with incident classification based on functional impact. Determining statistical significance for independent ICS variables was addressed using logistic regression. Overall, thirty-nine variables are deemed relevant in diagnosing the system state of the ICS operation to be expected or under attack. Our approach is validated using the Secure Water Treatment (SWaT) testbed. Experimental results reveal that anomaly detection was effective using k-NN, ANN and SVM achieving an F1-score of 0.99, 0.98 and 0.97 respectively.

Publication DOI: https://doi.org/10.1504/IJESDF.2025.10058572
Divisions: College of Business and Social Sciences > Aston Business School > Cyber Security Innovation (CSI) Research Centre
College of Business and Social Sciences > Aston Business School > Operations & Information Management
Uncontrolled Keywords: Critical national infrastructure,fifth industrial revolution,operational technology,smart city,APT,artificial intelligence
Publication ISSN: 1751-911X
Last Modified: 08 Apr 2024 16:00
Date Deposited: 25 Jul 2023 16:06
Full Text Link:
Related URLs: https://www.ind ... hp?jcode=ijesdf (Publisher URL)
PURE Output Type: Article
Published Date: 2023-06-22
Accepted Date: 2023-06-22
Authors: Ahmadi-Assalemi, Gabriela
Al-Khateeb, Haider (ORCID Profile 0000-0001-8944-123X)
Makonese, Tanaka Laura
Benson, Vladlena (ORCID Profile 0000-0001-5940-0525)
Khan, Samiya
Butt, Usman Javed



Version: Accepted Version

Access Restriction: Restricted to Repository staff only until 1 January 2050.

Export / Share Citation


Additional statistics for this record