Abstract
This research paper presents an analysis of using machine learning and deep learning algorithms to detect anomalous network traffic in Cyber-Physical Systems (CPS). Using a real PLC CPS-based system, normal and anomalous network traffic is captured using Wireshark. The research analyzes a DDoS attack. The focus of the research is to identify the most effective feature combinations and evaluate them on ML and DL models. The emphasis is on enhancing detection strategies rather than exploiting device vulnerabilities. The detection of network attacks often involves handling a vast array of high-level features. Previous studies (Li & Chasaki, 2022) apply machine learning algorithms directly to these extensive feature sets, which can lead to issues such as increased computational complexity, overfitting, and diminished interpretability. Conversely, other research selectively chooses specific features, which may overlook critical patterns or dependencies within the data.
To address these limitations, this study employs Principal Component Analysis (PCA) to reduce the dimensionality of the dataset, focusing on retaining the most informative features while mitigating the disadvantages associated with large feature sets. Four different data feature combinations are tested for each dataset. The datasets were analyzed using the Random Forest Model, Decision Tree Model, XGBoost, Support Vector Machine (SVM), and Convolutional Neural Network (CNN). Key dataset features for IIoT anomaly detection were successfully identified, demonstrably enhancing the performance of ML and DL models. Specifically, models trained with these features achieved high accuracy and F1-scores, underscoring the critical importance of feature selection for effective anomaly detection systems. Further research is needed on how analysis of dataset features can enhance the efficiency of detecting anomalous network traffic using ML and DL.
Recommended Citation
Alger, James and Tu, Michael (2025) "Anomaly Detection of Network Layer Attacks Against Cyber Physical Systems Using Machine Learning and Deep Learning Techniques," Military Cyber Affairs: Vol. 8: Iss. 1, Article 4.
Available at: https://digitalcommons.usf.edu/mca/vol8/iss1/4
Included in
Cognitive Psychology Commons, Cognitive Science Commons, Computer and Systems Architecture Commons, Computer Law Commons, Digital Communications and Networking Commons, Intellectual Property Law Commons, International Relations Commons, Military, War, and Peace Commons, National Security Law Commons, Other Computer Engineering Commons, Systems Science Commons