Evaluation of Machine Learning Algorithms for Intrusion Detection in SCADA Systems

  • Maria Eduarda Cher Benetis dos Santos FATEC
  • Fadir Salmen FATEC
  • Thiago José Lucas FATEC
  • Tiago Martins Ferreira UNESP
  • Fernanda Mara Cruz FATEC
  • Kelton Augusto Pontara da Costa UNESP

Abstract


SCADA systems are widely used in critical industries such as energy and water for process monitoring and control. Due to their interconnection with communication networks, these systems are susceptible to various cyberattacks. This work seeks to detect attacks that could compromise the integrity and availability of SCADA systems, evaluating the performance of machine learning algorithms. Several tests were performed on the WUSTL-IIOT-2018 dataset in order to produce a comprehensive analysis of the performance of different classifiers. The results obtained demonstrated that the selected algorithms performed satisfactorily in the experiments carried out, highlighting their potential to strengthen the security of these critical systems.

Keywords: SCADA, Intrusion Detection, Machine Learning

Published
22/10/2025
SANTOS, Maria Eduarda Cher Benetis dos; SALMEN, Fadir; LUCAS, Thiago José; FERREIRA, Tiago Martins; CRUZ, Fernanda Mara; COSTA, Kelton Augusto Pontara da. Evaluation of Machine Learning Algorithms for Intrusion Detection in SCADA Systems. In: CONGRESSO LATINO-AMERICANO DE SOFTWARE LIVRE E TECNOLOGIAS ABERTAS (LATINOWARE), 22., 2025, Foz do Iguaçu/PR. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2025. p. 187-193. DOI: https://doi.org/10.5753/latinoware.2025.15968.