Machine learning for intrusion detection in industrial control systems: Applications, challenges, and recommendations

Methods from machine learning are used in the design of secure Industrial Control Systems. Such methods focus on two major areas: detection of intrusions at the network level using the information acquired through network packets, and detection of anomalies at the physical process level using data that represents the physical behavior of the system. This survey focuses on four types of methods from machine learning for intrusion and anomaly detection, namely, supervised, semi-supervised, unsupervised, and reinforcement learning. The literature available in the public domain was carefully selected, analyzed, and placed along a 10-dimensional space for ease of comparison. This multi-dimensional approach is found valuable in the comparison of the methods considered and enables a scientific discussion on their utility in specific environments. The challenges associated in using machine learning, and gaps in research, are identified and recommendations made.

Automated summary

This survey focuses on the application of machine learning in secure Industrial Control Systems, specifically in intrusion and anomaly detection. By comparing and analyzing four types of machine learning methods, the challenges associated with using these methods are identified, and recommendations are made.