Super Learner Ensemble for Anomaly Detection and Cyber-Risk Quantification in Industrial Control Systems

Gabriela Ahmadi-Assalemi, Haider Al-Khateeb, Gregory Epiphaniou, Amar Aggoun

Research output: Contribution to journalArticlepeer-review

Abstract

Industrial control systems (ICSs) are integral parts of smart cities and critical to modern societies. Despite indisputable opportunities introduced by disruptor technologies, they proliferate the cybersecurity threat landscape, which is increasingly more hostile. The quantum of sensors utilized by ICS
aided by artificial intelligence (AI) enables data collection capabilities to facilitate automation, process streamlining, and cost reduction. However, apart from the operational use, the sensors generated data combined with AI can be innovatively utilized to model anomalous behavior as part of layered security to increase resilience to cyberattacks. We introduce a framework to profile
anomalous behavior in ICS and derive a cyber-risk score. A novel super learner ensemble for one-class classification is developed, using overlapping rolling windows with stratified, k-fold, n-repeat cross-validation applied to each base learner followed by majority voting to derive the best learner. Our approach is demonstrated on a liquid distribution sensor data set. The experimental results reveal that the proposed technique achieves an overall F1-score of 99.13%, an anomalous recall score of 99% detecting anomalies lasting only 17 s. The key strength of the framework is the low computational complexity and error rate. The framework is modular, generic, applicable to other ICS, and transferable to other smart city sectors.
Original languageEnglish
Pages (from-to)13279-13297
JournalIEEE Internet of Things Journal
Volume9
Issue number15
Early online date18 Jan 2022
DOIs
Publication statusPublished - 1 Aug 2022

Bibliographical note

Copyright © 2022 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

Keywords

  • machine learning
  • cyber-physical systems
  • cyber security
  • digital forensic and incident response
  • supervisory control and data acquisition
  • SCADA
  • programmable logic controllers
  • PLC
  • human machine interface
  • HMI
  • industry 4.0
  • internet of things
  • smart city
  • insider threat
  • cyber resilience

Fingerprint

Dive into the research topics of 'Super Learner Ensemble for Anomaly Detection and Cyber-Risk Quantification in Industrial Control Systems'. Together they form a unique fingerprint.

Cite this