SCADA intrusion detection scheme exploiting the fusion of modified decision tree and Chi-square feature selection

The industrial internet of things (IIoT) and supervisory control and data acquisition (SCADA) have experienced ubiquitous growth recently. This growth comes with the challenge of an increased number of unusual attacks constituting threats. The existence and effect of intruders and their innovative attack techniques are rising. Although the existing intrusion detection systems (IDS) safeguard the networks, they have been computationally expensive. In real -time domains, available methods lag, necessitating additional research into effective feature extraction schemes with time exigency. An IDS with a fused feature selection (FS) approach for detecting and classifying attacks in a real-time SCADA network is imperative. It is to enable the resolution of computationally complex vulnerability detection schemes. The proposed technique is in three (3) phases: (a) data preparation which involves data cleansing and normalization, and (b) a fused feature selection approach built to obtain an optimal subset of features using Chi-square. (c) deployment of the modified decision tree (MDT) for anomaly detection and classification. Lastly, the reliability of the proposed model was validated, demonstrating suitability in precisely detecting abnormalities while minimizing computational time. This improvement enables adaptability for the IDS deployment scheme in a real-time situation, which could be in the control center. The validation results reveal that when the proposed chi-square-based (fused) feature extraction is employed, it performs optimally to other FS techniques and ML classifiers, compared across four (4) publicly available datasets. Cohen's kappa coefficient (CKC) further validates the proposed model's reliability. Further demonstrating the experimental results with recourse to false positive rates (FPR), the Mathews correlation coefficient (MCC) was employed. It also shows the resilience of the proposed model performance on an imbalanced dataset validating its suitability in real scenarios.