Ahmadi‐Assalemi, Gabriela, Al‐Khateeb, Haider, Benson, Vladlena, Adamyk, Bogdan and Ammi, Meryem (2025). Adaptive learning anomaly detection and classification model for cyber and physical threats in industrial control systems. IET Cyber-Physical Systems: Theory & Applications, 10 (1),
Abstract
A surge of digital technologies adopted into Industrial Control Systems (ICS) exposes critical infrastructures to increasingly hostile and well-organised cybercrime. The increased need for flexibility and convenient administration expands the attack surface. Likewise, an insider with authorised access reveals a difficult-to-detect attack vector. Because of the range of critical services that ICS provide, disruptions to operations could have devastating consequences making ICS an attractive target for sophisticated threat actors. Hence, the authors introduce a novel anomalous behaviour detection model for ICS data streams from physical plant sensors. A model for one-class classification is developed, using stream rebalancing followed by adaptive machine learning algorithms coupled with drift detection methods to detect anomalies from physical plant sensor data. The authors’ approach is shown on ICS datasets. Additionally, a use case illustrates the model's applicability to post-incident investigations as part of a defence-in-depth capability in ICS. The experimental results show that the proposed model achieves an overall Matthews Correlation Coefficient score of 0.999 and Cohen's Kappa score of 0.9986 on limited variable single-type anomalous behaviour per data stream. The results on wide data streams achieve an MCC score of 0.981 and a K score of 0.9808 in the prevalence of multiple types of anomalous instances.
Publication DOI: | https://doi.org/10.1049/cps2.70004 |
---|---|
Divisions: | College of Business and Social Sciences > Aston Business School > Cyber Security Innovation (CSI) Research Centre; College of Business and Social Sciences > Aston Business School > Operations & Information Management; College of Business and Social Sciences; College of Business and Social Sciences > Aston Business School; Aston University (General) |
Additional Information: | Copyright © 2025 The Author(s). IET Cyber-Physical Systems: Theory & Applications published by John Wiley & Sons Ltd on behalf of The Institution of Engineering and Technology. This is an open access article under the terms of the Creative Commons Attribution License, which permits use, distribution and reproduction in any medium, provided the original work is properly cited. |
Uncontrolled Keywords: | adaptive control, cyber-physical systems, human factors, internet of things, learning (artificial intelligence), sensors, smart cities, Information Systems, Computer Science Applications, Computer Networks and Communications, Electrical and Electronic Engineering, Artificial Intelligence |
Publication ISSN: | 2398-3396 |
Data Access Statement: | The data that support the findings of this study are openly available from: Elsevier at https://doi.org/10.1016/j.dib.2017.07.038, reference number https://ars.els-cdn.com/content/image/1-s2.0-S2352340917303402-mmc2.zip in the Supporting Information S1 published with the article; IEEEDataPort at https://dx.doi.org/10.21227/rbvf-2h90, reference number Water Distribution Testbed (WDT) dataset as dataset.zip; Kaggle at https://www.kaggle.com/datasets/icsdataset/hai-security-dataset, reference number HAI20.07. |
Last Modified: | 31 Mar 2025 17:41 |
Date Deposited: | 14 Feb 2025 16:08 |
Related URLs: | https://ietrese ... 1049/cps2.70004 (Publisher URL); http://www.scop ... tnerID=8YFLogxK (Scopus URL) |
PURE Output Type: | Article |
Published Date: | 2025-02-14 |
Published Online Date: | 2025-02-14 |
Accepted Date: | 2025-01-28 |
Authors: | Ahmadi‐Assalemi, Gabriela; Al‐Khateeb, Haider; Benson, Vladlena; Adamyk, Bogdan; Ammi, Meryem |