An international research team has developed two deep learning-based IDS models to improve cybersecurity in SCADA systems. The hybrid approach is said to improve the detection of complex and novel cyber threats with high accuracy, adaptability and efficiency, outperforming traditional methods across multiple data sets.
A Saudi-British research team has developed two new deep learning-based intrusion detection systems (IDSs) that can reportedly improve the cybersecurity of SCADA networks.
In large-scale solar power plants, SCADA systems play a crucial role by overseeing energy generation, monitoring solar panel performance, optimizing output, identifying potential faults and maintaining smooth overall operation. Essentially, they act as the central system that converts raw solar data into practical control decisions, keeping the plant running safely, efficiently and profitably.
The scientists explained that current cybersecurity frameworks are often inadequate for SCADA systems, as they cannot fully handle the complexity and ever-evolving nature of modern cyber threats. Most existing approaches rely on signature-based detection, which relies on prior knowledge of attack patterns and therefore fails to detect zero-day exploits or new intrusion techniques.
To address this limitation, the researchers considered deep learning methods, as these techniques allow processing large amounts of data, identifying complex patterns, and enabling more proactive threat detection.
“Such big data processing and analysis capabilities are especially useful in scenarios where SCADA systems generate massive streams of real-time data, including sensor measurements, control commands, and other system logs,” they explained. “Additionally, deep learning methods, especially convolutional neural networks (CNNs) and recurrent neural networks (RNNs), have shown excellent performance in detecting complex attack scenarios involving sequential or spatial patterns in data.”
The proposed approach integrates two novel IDSs, called the Spike Encoding Adaptive Regulation Kernel (SPARK) and the Scented Alpine Descent (SAD) algorithm. Taking advantage of their complementary strengths, the method reportedly improves peak threshold accuracy while improving adaptability and robustness under dynamic conditions.
The SPARK model introduces adaptive peak coding by dynamically adjusting thresholds based on the characteristics of the input signal. It uses advanced statistical methods to respond to variations in neural input, improving sensitivity to changes in intensity and frequency. By integrating both temporal and spatial features, SPARK improves information encoding, especially for complex data sets. Unlike traditional fixed-threshold methods, it provides context-aware thresholding, improving accuracy and reliability.
The SAD algorithm complements SPARK by providing an optimization strategy inspired by olfactory navigation, the process by which animals and organisms use olfactory cues to locate food, mates or home, and Lévy flight behavior, a strategy observed in many animal species to randomly search for a target in an unknown environment. This enables efficient exploration of solution spaces and avoids local minima, ensuring optimal threshold selection.
The hybrid approach can dynamically adjust and optimize peak thresholds simultaneously, outperforming conventional static or isolated approaches, scientists said. They noted that the SPARK model is well suited for SCADA and IoT systems due to its scalability, real-time adaptability, and efficient data processing. Additionally, its lightweight design reduces computational overhead and false positives, making it effective in resource-constrained environments.
“SAD is complementary to SPARK in that it focuses on improving detection accuracy while maintaining computational efficiency,” the researchers pointed out. “SAD’s anomaly scoring mechanism can be integrated into this framework to add an additional layer of detection, which can run in parallel with SPARK. Integrating the deep learning models into the scoring mechanism essentially means that SAD would enable much more fine-grained analysis of attack patterns with little noticeable impact on the performance of the SCADA system in question.”
The researchers used multiple benchmark datasets to evaluate the performance of SCADA intrusion detection, including the Testbed for safe water treatment (SWaT).Gas pipeline, WUSTL-IIoT and Electricity. These datasets capture diverse industrial environments, attack types, and operational conditions, allowing for extensive testing. They also include time series sensor data, actuator commands, and labeled attack scenarios such as denial-of-service (DoS), distributed denial-of-service (DDoS), malware, and injection attacks.
According to the research team, the diversity of data sets allowed for accurate modeling of both normal behavior and complex abnormalities in SCADA and IIoT systems. Standardized preprocessing, training and evaluation procedures also allowed comparison between all models tested. Cross-validation and controlled training conditions, meanwhile, reportedly prevented bias and ensured reliable generalization results. Visualization tools such as histograms, loss curves and confusion matrices provided insight into model behavior and anomaly detection.
The SPARK model was found to consistently demonstrate ‘superior’ performance, achieving high accuracy, precision and recall across all data sets. It outperformed traditional machine learning and deep learning approaches in detecting various types of intrusions.
“In summary, the findings underline that the SPARK and SAD models are in fact the final frontier in modern intrusion detection,” the scientists said. “The two designs are clearly designed to deliver improved detection capabilities and operational efficiencies, while also paving a way to more resilient and intelligent security solutions for modern industrial controlled systems (ICSs) and Internet-of-Things (IoT) networks.”
The new IDSs were presented in “SPARK and SAD: Leading deep learning frameworks for robust and effective intrusion detection in SCADA systems”, published in the International Journal of Critical Infrastructure Protection. The research team included academics from Leeds Beckett University in the United Kingdom and King Abdulaziz University in Saudi Arabia.
This content is copyrighted and may not be reused. If you would like to collaborate with us and reuse some of our content, please contact: editors@pv-magazine.com.
Popular content
