{"title":"A deep learning framework for cyberattack detection and classification in Industrial Control Systems","authors":"Malhar Barbhaya , Purushottama Rao Dasari , Seshu Kumar Damarla , Rajagopalan Srinivasan , Biao Huang","doi":"10.1016/j.compchemeng.2025.109278","DOIUrl":null,"url":null,"abstract":"<div><div>The rapid integration of network-based control systems vulnerabilities within Industrial Control Systems (ICS) has increased exposure to sophisticated cyberattacks, especially in the chemical process industry. Adversaries exploit these systems by manipulating sensor data, disrupting operations, and compromising safety while remaining undetected by conventional fault detection mechanisms. Cyberattacks on critical infrastructure have become the new normal, with the World Economic Forum (WEF) ranking cyber threats as the seventh highest global risk in terms of likelihood over the next decade. Additionally, cybercrime has surged by 600% since COVID-19, highlighting the urgency of robust cybersecurity frameworks. This research introduces a hybrid cybersecurity framework combining an enhanced Typicality and Eccentricity Data Analytics (TEDA) algorithm with a Convolutional Neural Network (CNN) for real-time cyberattack detection and classification in ICS. The enhanced TEDA algorithm leverages a sliding window mechanism for adaptive statistical analysis and employs a characteristic model for detecting sophisticated cyber threats, enabling rapid anomaly identification and mitigation without requiring extensive historical data. Simultaneously, the CNN classifier accurately identifies attack types, facilitating timely mitigation strategies. Experimental validation on a laboratory-scale ICS demonstrates the framework’s effectiveness against various cyberattacks, including Min-Max, Surge, Ramp, and Replay attacks. 
Results highlight its adaptability, lightweight design, and real-time performance, making the proposed framework a scalable and deployable solution for enhancing ICS cybersecurity and operational resilience.</div></div>","PeriodicalId":286,"journal":{"name":"Computers & Chemical Engineering","volume":"202 ","pages":"Article 109278"},"PeriodicalIF":3.9000,"publicationDate":"2025-07-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Chemical Engineering","FirstCategoryId":"5","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0098135425002807","RegionNum":2,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INTERDISCIPLINARY APPLICATIONS","Score":null,"Total":0}
Citation count: 0
Abstract
The rapid integration of network-based control systems vulnerabilities within Industrial Control Systems (ICS) has increased exposure to sophisticated cyberattacks, especially in the chemical process industry. Adversaries exploit these systems by manipulating sensor data, disrupting operations, and compromising safety while remaining undetected by conventional fault detection mechanisms. Cyberattacks on critical infrastructure have become the new normal, with the World Economic Forum (WEF) ranking cyber threats as the seventh highest global risk in terms of likelihood over the next decade. Additionally, cybercrime has surged by 600% since COVID-19, highlighting the urgency of robust cybersecurity frameworks. This research introduces a hybrid cybersecurity framework combining an enhanced Typicality and Eccentricity Data Analytics (TEDA) algorithm with a Convolutional Neural Network (CNN) for real-time cyberattack detection and classification in ICS. The enhanced TEDA algorithm leverages a sliding window mechanism for adaptive statistical analysis and employs a characteristic model for detecting sophisticated cyber threats, enabling rapid anomaly identification and mitigation without requiring extensive historical data. Simultaneously, the CNN classifier accurately identifies attack types, facilitating timely mitigation strategies. Experimental validation on a laboratory-scale ICS demonstrates the framework’s effectiveness against various cyberattacks, including Min-Max, Surge, Ramp, and Replay attacks. Results highlight its adaptability, lightweight design, and real-time performance, making the proposed framework a scalable and deployable solution for enhancing ICS cybersecurity and operational resilience.
About the journal:
Computers & Chemical Engineering is primarily a journal of record for new developments in the application of computing and systems technology to chemical engineering problems.