Enhancing Anomaly Detection in Industrial Control Systems through

Supervised Learning and Explainable Artificial Intelligence

Dhruv G. Bhatt1, Parshad U. Kyada1, Rajkumar Singh Rathore2, M. K. Nallakaruppan3,∗, Faisal

Mohammed alotaibi4, Rutvij H. Jhaveri1,∗

1 Department of Computer Science and Engineering, School of Technology, Pandit Deendayal Energy

University, Gandhinagar 382007, India

2 Department of Computer Science, Cardiff School of Technologies, Cardiff Metropolitan University,

Llandaff Campus, CF5 2YB Cardiff, U.K

3 Balaji Institute of Modern Management, Sri Balaji University, Pune, Pincode-411033, India

4 Department of Computer Science, Prince Sattam Bin Abdulaziz University, Al-Kharj, Riyadh 16278,

Saudi Arabia

Emails: dhruv.bhatt.info@gmail.com; parshadkyada2003@gmail.com; rsrathore@cardiffmet.ac.uk;

Nallakaruppan.K@bimmpune.edu.in; faisal.alotaibi@psau.edu.sa; rutvij.jhaveri@sot.pdpu.ac.in

Abstract

This paper addresses industrial control security (ICS) security, focusing on utilizing intrusion detection systems

(IDS) to protect ICS networks. It suggests the use of a Measurement Intrusion Detection System (MIDS) over a

Network Intrusion Detection System (NIDS), directly analyzing measurement data to detect unseen activities.

Training MIDS requires a labeled dataset of various attacks, and a hardware-in-the-loop (HIL) system is used

for safer attack simulations. The main aim is to assess MIDS performance through machine learning (ML)

on this dataset. Explainable artificial intelligence (XAI) is integrated for transparency in decision-making.

Various ML models, such as random forest, achieve high accuracy in detecting anomalies, notably stealthy

attacks, with a receiver operating curve (ROC) of 0.9999 and an accuracy of 0.9795. This highlights the

importance of machine learning in securing ICS, supported by XAI’s explanatory power.

Keywords: Hardware in the Loop (HIL) System; Intrusion Detection; Machine Learning; Real-time Attack

Detection; Stealthy Attacks