CyberSentry: Enhancing SCADA security through advanced deep learning and optimization strategies

IF 5.3, Zone 3 (Engineering and Technology), JCR Q1 (COMPUTER SCIENCE, INFORMATION SYSTEMS)
Alaa O. Khadidos, Adil O. Khadidos, Shitharth Selvarajan, Taher Al-Shehari, Nasser A Alsadhan, Subhav Singh
DOI: 10.1016/j.ijcip.2025.100782
International Journal of Critical Infrastructure Protection, volume 50, Article 100782. Journal Article, published 2025-06-11.
Source: https://www.sciencedirect.com/science/article/pii/S1874548225000435
Citations: 0

Abstract

CyberSentry: Enhancing SCADA security through advanced deep learning and optimization strategies
SCADA systems form the core of infrastructural facilities, including power grids, water treatment facilities, and industrial processes. Changing cyber threats present increasingly sophisticated attacks against which traditional security models inadequately protect SCADA systems. These traditional models usually have drawbacks in the way of inadequate feature selection, inefficiency in detecting most attacks, and suboptimal parameter tuning, which cause vulnerabilities and reduce resilience in systems. This paper presents CyberSentry, a new security framework designed to overcome limitations so as to provide robust protection for SCADA systems. Three modules make up CyberSentry: the RMIG feature selection model, the Tri-Fusion Net for attack detection, and Parrot-Levy Blend Optimization (PLBO) for parameter tuning. The Recursive Multi-Correlation-based Information Gain (RMIG) feature selection model enhances accuracy in detection by optimizing the set of fatal features through recursive multi-correlation analysis by Information Gain prioritization. The Tri-Fusion Net combines anomaly detection, signature-based detection, and machine learning classifiers to enhance the detection versatility and robustness. The PLBO module ensures efficient and dynamic tuning for the parameters through undocumented Parrot and Levy optimization techniques. The proposed CyberSentry framework integrates, within a unified architecture, anomaly detection, signature-based detection, and machine learning classifiers to enhance the security of SCADA systems against diverse cyber threats. Features extracted in this manner are analyzed using machine learning classifiers that exploit their predictive capabilities for robust threat classification. The proposed approaches are fused within the Tri-Fusion Net to complement each other in areas where the separate methods lack certain strengths. This, therefore, ensures broad threat detection, as is validated by extensive testing with various datasets for the assurance of superiority in accuracy and reliability. Validated and tested against a wide variety of datasets, CyberSentry demonstrates an overall accuracy of 99.5% and a loss of 0.32, proving that this method is both effective and reliable.
Source journal
International Journal of Critical Infrastructure Protection
Categories: COMPUTER SCIENCE, INFORMATION SYSTEMS; ENGINEERING, MULTIDISCIPLINARY
CiteScore: 8.90
Self-citation rate: 5.60%
Articles published: 46
Review time: >12 weeks
Journal description: The International Journal of Critical Infrastructure Protection (IJCIP) was launched in 2008, with the primary aim of publishing scholarly papers of the highest quality in all areas of critical infrastructure protection. Of particular interest are articles that weave science, technology, law and policy to craft sophisticated yet practical solutions for securing assets in the various critical infrastructure sectors. These critical infrastructure sectors include: information technology, telecommunications, energy, banking and finance, transportation systems, chemicals, critical manufacturing, agriculture and food, defense industrial base, public health and health care, national monuments and icons, drinking water and water treatment systems, commercial facilities, dams, emergency services, nuclear reactors, materials and waste, postal and shipping, and government facilities. Protecting and ensuring the continuity of operation of critical infrastructure assets are vital to national security, public health and safety, economic vitality, and societal wellbeing. The scope of the journal includes, but is not limited to:
1. Analysis of security challenges that are unique or common to the various infrastructure sectors.
2. Identification of core security principles and techniques that can be applied to critical infrastructure protection.
3. Elucidation of the dependencies and interdependencies existing between infrastructure sectors and techniques for mitigating the devastating effects of cascading failures.
4. Creation of sophisticated, yet practical, solutions, for critical infrastructure protection that involve mathematical, scientific and engineering techniques, economic and social science methods, and/or legal and public policy constructs.