Improving intrusion detection in SCADA systems using stacking ensemble of tree-based models

Duc-Duong Nguyen, Minh-Thuy Le, Thanh-Long Cung

Abstract


This paper introduces a stacking ensemble model, which combines three single models, to improve intrusion detection in supervisory control and data acquisition (SCADA) systems. The first layer of the proposed model is the combination of random forest, light boosting gradient machine, and eXtreme gradient boosting models. We use an multilayer perceptron (MLP) network as a meta-classifier of the model. The proposed model is optimized and tested on an international dataset (gas pipeline dataset). The tested results show an accuracy of 99.72% with the f1-score of 99.72% for binary classification tasks (attacked or non-attacked detection). For categorical tasks, the detection rates of almost all attack types are higher than 97.55% (except for denial of service (DoS)-95.17%), with an overall accuracy of 99.62%.


Keywords


eXtreme gradient boosting; Intrusion detection; Light gradient boosting machine; Multilayer perceptron; Random forest; SCADA system

Full Text:

PDF


DOI: https://doi.org/10.11591/eei.v11i1.3334

Refbacks

  • There are currently no refbacks.


Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Bulletin of EEI Stats