Abstract:
Industrial control systems (ICSs) are a complicated integrated system that provide people with
services by coordinating numerous vital infrastructures. ICSs is a system that keeps control and
manages the condition of geographically separated remote facilities for significant national
infrastructure providers, such as electricity, gas, water, and traffic. Computing and communication
elements such as Programming Logic Controls (PLCs) and Supervisor Control and Data
Acquisition (SCADA), as well as communications networks are used to achieve this control.
Because of its nature, it is usually found in large places and is geographically dispersed. This sort
of network connectivity is vulnerable to hacking. To mitigate those attacks from ICSs anomaly
detection systems, play an important role as it can help to detect unknown attacks. The state of the
art of ICS anomaly detection solutions relies on a single models based on a historical database. In
this study, we proposed a hybrid deep learning approach to detect anomaly and we assessed the
model's performance using Root Mean Square Error (RMSE), Mean Square Error (MSE), and
Mean Absolute Error (MAE) to determine the anomaly threshold points. The result showed that
the combined models (LSTM with GRU) and (Bi-LSTM with Bi-GRU) gave low RMSE, MSE,
and MAE 0.0727, 0.0053, 0.0053 and 0.0957, 0.0092, 0.090 respectively. The proposed models
were tested using Secure Water Treatment (SWaT) dataset which is an operational water treatment
testbed operating both normal or attack condition. We used approximately 44K dataset for model
development and used 80-20 ratio for dataset spilt. The overall proposed model performance
measured based on recall, precision, F1 score and accuracy resulted (77%,88%,82% and 88%)
respectively. The above result shows combined model outperformed than single model. Our
recommendation for future researcher is to do root cause analysis on identified anomaly points.
Keyword: Industry control system, anomaly detection, deep learning, machine learning