Machine Learning-Based Detection of Anomalies, Intrusions, and Threats in Industrial Control Systems

Industrial Control Systems (ICS) are critical to the efficient operation of essential sectors such as manufacturing, energy, and water management. However, their increasing integration with IT systems exposes them to sophisticated cyberattacks, particularly lateral attacks targeting Programmable Logic Controllers (PLCs). Advanced preventive measures are necessary because, despite their significance, many ICS continue to rely on outdated technologies with few security features. This paper proposes a machine learning (ML)-based approach to anomaly detection in ICS communication networks, focusing on techniques such as 1D Convolutional Neural Networks (CNNs), Long Short-Term Memory (LSTM) networks, Support Vector Machines (SVMs), and Isolation Forest (iForest) algorithms. We generated a dataset by capturing both normal and manipulated ICS communication patterns, including TCP/IP traffic. Simulated lateral attacks provided realistic data for training and testing the ML models. The results demonstrate that the 1D CNN model achieved the highest accuracy (0.92) and F1 score (0.91) with minimal processing time, making it ideal for real-time intrusion detection. This research highlights the potential of ML techniques to fortify ICS cybersecurity and lays the groundwork for future advancements in critical infrastructure resilience.