IEEE Access (Jan 2024)

Enhanced CNN-LSTM Deep Learning for SCADA IDS Featuring Hurst Parameter Self-Similarity

  • Asaad Balla,
  • Mohamed Hadi Habaebi,
  • Elfatih A. A. Elsheikh,
  • Md. Rafiqul Islam,
  • Fakher Eldin Mohamed Suliman,
  • Sinil Mubarak

DOI
https://doi.org/10.1109/ACCESS.2024.3350978
Journal volume & issue
Vol. 12
pp. 6100 – 6116

Abstract

Read online

Supervisory Control and Data Acquisition (SCADA) systems are crucial for modern industrial processes and securing them against increasing cyber threats is a significant challenge. This study presents an advanced method for bolstering SCADA security by employing a modified hybrid deep learning model. A key innovation in this work is integrating the Self-similarity Hurst parameter into the dataset alongside a CNN-LSTM model, significantly boosting the Intrusion Detection System’s (IDS) capabilities. The Hurst parameter, which quantifies the self-similarity in a dataset, is instrumental in detecting anomalies. Our in-depth analysis of the CICIDS2017 dataset sheds light on contemporary attack patterns and network traffic behaviors. The CNN-LSTM architecture was substantially altered by adding multiple convolutional layers with progressively increasing filters, batch normalization for stable training, and dropout layers for regularization. Principal Component Analysis (PCA) was applied for dimensionality reduction, thereby optimizing the dataset. Test results demonstrate the superior performance of the model incorporating the Hurst parameter, achieving 95.21% accuracy and 82.59% recall, significantly surpassing the standard model. The inclusion of the Hurst parameter marks a substantial advancement in identifying emerging threats, while architectural improvements to the CNN-LSTM model led to more robust and accurate intrusion detection in industrial control settings.

Keywords