Abstract
In the era of Industry 4.0, the Industrial Control System (ICS) plays a crucial role, making the detection of cyber attacks on it both vital and challenging. This study presents TDAELID, a method designed to improve cyber attack detection on the widely used IEC 60870-5-104 protocol in ICS. TDAELID employs TabGAN to generate realistic samples from minority classes and a clustering approach to select representative samples from majority classes, enhancing the quality of the training set. Furthermore, it uses a weighted ensemble of multiple AI models running concurrently to enhance intrusion detection effectiveness. Evaluation on the IEC 60870-5-104 Intrusion Detection Dataset shows that TDAELID outperforms state-of-the-art methods, achieving 85.44% detection accuracy and an 84.88% F1 score.
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Nguyen, T.T., Nguyen, P.H., Nguyen, M.Q., Nguyen, H.N. (2024). TabGAN-Powered Data Augmentation and Explainable Boosting-Based Ensemble Learning for Intrusion Detection in Industrial Control Systems. In: Nguyen, N.T., et al. Computational Collective Intelligence. ICCCI 2024. Lecture Notes in Computer Science, vol 14811. Springer, Cham. https://doi.org/10.1007/978-3-031-70819-0_10
DOI: https://doi.org/10.1007/978-3-031-70819-0_10
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-70818-3
Online ISBN: 978-3-031-70819-0
eBook Packages: Computer Science, Computer Science (R0)