Oversampling and undersampling for intrusion detection system in the supervisory control and data acquisition IEC 60870‐5‐104-Reference-Cited by-同舟云学术

Oversampling and undersampling for intrusion detection system in the supervisory control and data acquisition IEC 60870‐5‐104

Published:2024-01-04 Issue:3 Volume:9 Page:282-292
ISSN:2398-3396
Container-title:IET Cyber-Physical Systems: Theory & Applications
language:en
Short-container-title:IET Cyber-Phy Sys Theory & Ap

Author:

Arifin M. Agus Syamsul¹²^ORCID,Stiawan Deris³^ORCID,Yudho Suprapto Bhakti¹,Susanto Susanto²,Salim Tasmi¹⁴,Idris Mohd Yazid⁵⁶,Budiarto Rahmat⁷

Affiliation:

1. Departement of Computer systems engineering Faculty of Engineering, Universitas Sriwijaya Palembang Indonesia

2. Departement of Informatics Engineering, Faculty of Engineering Universitas Bina Insan Lubuklinggau Indonesia

3. Departement of Computer System, Faculty of Computer Science Universitas Sriwijaya Palembang Indonesia

4. Departement of Computer System, Faculty of Computer Science Universitas Indo Global Mandiri Palembang Indonesia

5. Departement of Software Engineering, Faculty of Computing Universiti Teknologi Malaysia Johor Malaysia

6. Media and Game Centre of Excellence (MaGICX), Institute of Human Centred Engineering (iHumEn) Universiti Teknologi Malaysia Johor Bahru Johor Malaysia

7. Departement of Computer Science College of Computing and Information, Al‐Baha University Albahah City Albahah Saudi Arabia

Abstract

AbstractSupervisory control and data acquisition systems are critical in Industry 4.0 for controlling and monitoring industrial processes. However, these systems are vulnerable to various attacks, and therefore, intelligent and robust intrusion detection systems as security tools are necessary for ensuring security. Machine learning‐based intrusion detection systems require datasets with balanced class distribution, but in practice, imbalanced class distribution is unavoidable. A dataset created by running a supervisory control and data acquisition IEC 60870‐5‐104 (IEC 104) protocol on a testbed network is presented. The dataset includes normal and attacks traffic data such as port scan, brute force, and Denial of service attacks. Various types of Denial of service attacks are generated to create a robust and specific dataset for training the intrusion detection system model. Three popular techniques for handling class imbalance, that is, random over‐sampling, random under‐sampling, and synthetic minority oversampling, are implemented to select the best dataset for the experiment. Gradient boosting, decision tree, and random forest algorithms are used as classifiers for the intrusion detection system models. Experimental results indicate that the intrusion detection system model using decision tree and random forest classifiers using random under‐sampling achieved the highest accuracy of 99.05%. The intrusion detection system model's performance is verified using various metrics such as recall, precision, F1‐Score, receiver operating characteristics curves, and area under the curve. Additionally, 10‐fold cross‐validation shows no indication of overfitting in the created intrusion detection system model.

Publisher

Institution of Engineering and Technology (IET)

Reference36 articles.

1. Towards Improved Classification Accuracy on Highly Imbalanced Text Dataset Using Deep Neural Language Models

2. Comparative Analysis of Resampling Techniques under Noisy Imbalanced Datasets

3. Machine Learning with Oversampling and Undersampling Techniques: Overview Study and Experimental Results