Detecting Cybersecurity Threats for Industrial Control Systems Using Machine Learning

Industrial control systems (ICS) are vital for ensuring the reliability and operational efficiency of critical infrastructure across various industries. However, due to their integration into modernized network environments, they are inadvertently exposed to a variety of cybersecurity threats that can compromise the reliability of critical infrastructure. This study aims to enhance ICS security by introducing a Zero Inflated Poisson (ZIP) based GRU Learning model to detect anomalies of ICS traffic in conjunction with the MITRE ATT&CK framework. The model’s effectiveness was validated through experiments simulating two major cyberattack scenarios: the ‘Stuxnet’ attack and the ‘Industroyer’ attack, achieving over 95% success in attack detection. By mapping the anomalies to the MITRE ATT&CK framework, we were able to lay the groundwork for an efficient response strategy to the attacks. These findings are expected to make a meaningful contribution to assessing and strengthening the security posture of ICS.