Super-learner ensemble for anomaly detection and cyber-risk quantification in industrial control systems
dc.contributor.author | Ahmadi-Assalemi, Gabriela | |
dc.contributor.author | al-Khateeb, Haider | |
dc.contributor.author | Epiphaniou, Gregory | |
dc.contributor.author | Aggoun, Amar | |
dc.date.accessioned | 2022-01-19T12:35:00Z | |
dc.date.available | 2022-01-19T12:35:00Z | |
dc.date.issued | 2022-01-20 | |
dc.identifier.citation | Ahmadi-Assalemi, G., Al-Khateeb, H., Epiphaniou, G. and Aggoun, A. (2022) Super-learner ensemble for anomaly detection and cyber-risk quantification in industrial control systems. IEEE Internet of Things Journal, 9(15), pp. 13279-13297. | en |
dc.identifier.issn | 2327-4662 | en |
dc.identifier.doi | 10.1109/JIOT.2022.3144127 | |
dc.identifier.uri | http://hdl.handle.net/2436/624550 | |
dc.description | This is an accepted manuscript of an article published by IEEE in IEEE Internet of Things Journal on 20/01/2022. The accepted version of the publication may differ from the final published version. | en |
dc.description.abstract | Industrial Control Systems (ICS) are integral parts of smart cities and critical to modern societies. Despite indisputable opportunities introduced by disruptor technologies, they proliferate the cybersecurity threat landscape, which is increasingly more hostile. The quantum of sensors utilised by ICS aided by Artificial Intelligence (AI) enables data collection capabilities to facilitate automation, process streamlining and cost reduction. However, apart from operational use, the sensors generated data combined with AI can be innovatively utilised to model anomalous behaviour as part of layered security to increase resilience to cyber-attacks. We introduce a framework to profile anomalous behaviour in ICS and derive a cyber-risk score. A novel super learner ensemble for one-class classification is developed, using overlapping rolling windows with stratified, k-fold, n-repeat cross-validation applied to each base-learner followed by majority voting to derive the best learner. Our approach is demonstrated on a liquid distribution sensor dataset. The experimental results reveal that the proposed technique achieves an overall F1-score of 99.13%, an anomalous recall score of 99% detecting anomalies lasting only 17 seconds. The key strength of the framework is the low computational complexity and error rate. The framework is modular, generic, applicable to other ICS and transferable to other smart city sectors. | en |
dc.format | application/pdf | en |
dc.language.iso | en | en |
dc.publisher | IEEE | en |
dc.relation.url | https://ieeexplore.ieee.org/document/9684524 | en |
dc.subject | digital forensic and incident response | en |
dc.subject | SCADA | en |
dc.subject | PLC | en |
dc.subject | Industry 4.0 | en |
dc.subject | smart city | en |
dc.subject | insider threat | en |
dc.subject | machine learning | en |
dc.subject | cyber-physical systems | en |
dc.subject | cyber security | en |
dc.subject | supervisory control and data acquisition | en |
dc.subject | human machine interface | en |
dc.subject | internet of things | en |
dc.subject | cyber resilience | en |
dc.subject | programmable logic controllers | en |
dc.title | Super-learner ensemble for anomaly detection and cyber-risk quantification in industrial control systems | en |
dc.type | Journal article | en |
dc.identifier.journal | IEEE Internet of Things Journal | en |
dc.date.updated | 2022-01-17T20:54:11Z | |
dc.date.accepted | 2022-01-03 | |
rioxxterms.funder | University of Wolverhampton | en |
rioxxterms.identifier.project | UOW19012022HA | en |
rioxxterms.version | AM | en |
rioxxterms.licenseref.uri | https://creativecommons.org/licenses/by-nc-nd/4.0/ | en |
rioxxterms.licenseref.startdate | 2022-01-20 | en |
dc.source.volume | 9 | |
dc.source.issue | 15 | |
dc.source.beginpage | 13279 | |
dc.source.endpage | 13297 | |
refterms.dateFCD | 2022-01-19T12:34:29Z | |
refterms.versionFCD | AM | |
refterms.dateFOA | 2021-01-20T00:00:00Z |