Detecting Cyber Threats in Industrial Networks with Machine Learning

The Problem

Industrial Control Systems (ICS) run everything from power grids to water treatment plants. As these systems are connected to IT networks, their attack surface grows, and traditional signature-based security tools struggle to detect zero-day threats: new, unseen attacks for which no signature or rule exists yet.

My project tackled this challenge by building a machine learning-based anomaly detection system for IT/OT traffic in industrial networks.


What I Built

  1. Simulated a Realistic ICS Network

    Using GNS3, I created a virtual industrial network with three zones:

    • Enterprise (IT): Corporate systems.
    • IDMZ: A buffer zone to filter traffic.
    • Industrial (OT): PLCs, SCADA, and other control devices.
  2. Generated Realistic Traffic

    • Normal traffic: Simulated human operators and automated processes (e.g., database syncs, sensor monitoring).
    • Malicious traffic: Modeled cyberattacks like reconnaissance scans, brute-force logins, and denial-of-service (DoS) attacks.
  3. Trained ML Models to Spot Anomalies

    Tested three unsupervised algorithms on the generated traffic:

    • Autoencoder (best precision: 68%)
    • Isolation Forest (balanced performance)
    • Local Outlier Factor (less effective for this use case).
  4. Integrated a Full Detection Pipeline

    • Traffic → Firewall monitoring → Data processing (feature extraction and scaling) → ML classification (anomaly scoring against a baseline of normal traffic) → Alerts.
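To make steps 2 to 4 concrete, here is an added example (my own illustration, not the project's code) of that pipeline in pure standard-library Python: constructed firewall log lines are aggregated into one feature vector per source host and one-minute window, z-scaled, and scored with Local Outlier Factor fitted on normal windows only. LOF is used here because it fits in a few dozen lines without scikit-learn or Keras; the autoencoder and Isolation Forest slot into the same `LOFDetector` position. The log format, IP addresses, ports, feature set, `k`, and the alert margin are all assumptions for the example.

```python
"""Added example (not the project's code): a minimal IT/OT anomaly-detection
pipeline in pure standard-library Python, in the shape of the post's pipeline:
firewall log lines -> per-(source, minute) features -> z-scaling -> LOF -> alerts.
All log lines, hosts, ports and thresholds below are constructed assumptions."""
import math
import random
import re
from collections import defaultdict

LINE_RE = re.compile(r"ts=(?P<ts>\d+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
                     r"dport=(?P<dport>\d+) bytes=(?P<bytes>\d+) pkts=(?P<pkts>\d+)")
N_FEATURES = 5  # flows, distinct dports, distinct dsts, mean bytes, mean pkts

def make_normal_logs(minutes=12, seed=7):
    """Constructed baseline: an HMI polling three PLCs on Modbus/TCP (502) and a
    historian pushing to the IDMZ database (1433), once per minute."""
    rnd = random.Random(seed)  # seeded so the example is reproducible
    lines = []
    for m in range(minutes):
        ts = 1700000000 + 60 * m
        for plc in ("10.20.0.11", "10.20.0.12", "10.20.0.13"):
            lines.append(f"ts={ts} src=10.20.0.5 dst={plc} dport=502 "
                         f"bytes={rnd.randint(90, 130)} pkts={rnd.randint(3, 6)}")
        lines.append(f"ts={ts} src=10.20.0.20 dst=10.10.0.30 dport=1433 "
                     f"bytes={4096 + 64 * m} pkts=12")
    return lines

def make_test_logs():
    """Constructed windows: one normal HMI minute plus the three modeled attacks."""
    ts = 1700000000 + 60 * 30
    lines = [f"ts={ts} src=10.20.0.5 dst=10.20.0.1{i} dport=502 bytes=110 pkts=4"
             for i in (1, 2, 3)]
    # reconnaissance: an IT host sweeps 60 ports on one PLC
    lines += [f"ts={ts} src=10.10.0.99 dst=10.20.0.11 dport={p} bytes=60 pkts=1"
              for p in range(1, 61)]
    # brute force: 40 short SSH login attempts against the historian
    lines += [f"ts={ts} src=10.10.0.77 dst=10.20.0.20 dport=22 bytes=300 pkts=8"
              for _ in range(40)]
    # DoS: a flood of oversized Modbus frames at a PLC
    lines += [f"ts={ts} src=10.10.0.66 dst=10.20.0.11 dport=502 bytes=64000 pkts=500"
              for _ in range(200)]
    return lines

def extract_features(lines):
    """Data processing step: one feature vector per (src, one-minute window)."""
    buckets = defaultdict(list)
    for line in lines:
        m = LINE_RE.search(line)
        if m:  # malformed lines are skipped rather than crashing the pipeline
            f = m.groupdict()
            buckets[(f["src"], int(f["ts"]) // 60)].append(f)
    return {key: [len(fl), len({f["dport"] for f in fl}), len({f["dst"] for f in fl}),
                  sum(int(f["bytes"]) for f in fl) / len(fl),
                  sum(int(f["pkts"]) for f in fl) / len(fl)]
            for key, fl in buckets.items()}

class LOFDetector:
    """Local Outlier Factor fitted on normal windows only; a score near 1 is normal."""

    def __init__(self, k=5, margin=1.1):
        self.k, self.margin = k, margin

    def _scale(self, row):  # z-score so flow counts do not drown in byte counts
        return [(v - mu) / sd for v, mu, sd in zip(row, self.mu, self.sd)]

    def _neighbors(self, p, exclude=None):
        d = sorted((math.dist(p, q), i) for i, q in enumerate(self.X) if i != exclude)
        return d[:self.k]

    def _lrd(self, p, exclude=None):
        nn = self._neighbors(p, exclude)
        reach = [max(self.kdist[i], d) for d, i in nn]  # reachability distances
        return nn, 1.0 / (sum(reach) / len(reach) + 1e-9)  # local reachability density

    def fit(self, rows):
        n = len(rows)
        self.mu = [sum(r[j] for r in rows) / n for j in range(N_FEATURES)]
        self.sd = [math.sqrt(sum((r[j] - self.mu[j]) ** 2 for r in rows) / n) or 1.0
                   for j in range(N_FEATURES)]
        self.X = [self._scale(r) for r in rows]
        self.kdist = [self._neighbors(p, i)[-1][0] for i, p in enumerate(self.X)]
        self.lrd = [self._lrd(p, i)[1] for i, p in enumerate(self.X)]
        # alert threshold: a margin above the worst LOF the baseline assigns to itself
        self.threshold = self.margin * max(self.score(p, True, i) for i, p in enumerate(self.X))
        return self

    def score(self, row, scaled=False, exclude=None):
        nn, lrd_p = self._lrd(row if scaled else self._scale(row), exclude)
        return (sum(self.lrd[i] for _, i in nn) / len(nn)) / lrd_p

def run_pipeline():
    """Fit on the normal baseline, score new windows, return (detector, scores, alerts)."""
    det = LOFDetector().fit(list(extract_features(make_normal_logs()).values()))
    scores = {key: det.score(row) for key, row in extract_features(make_test_logs()).items()}
    alerts = {key: s for key, s in scores.items() if s > det.threshold}
    return det, scores, alerts

if __name__ == "__main__":
    det, scores, alerts = run_pipeline()
    print(f"alert threshold: LOF > {det.threshold:.2f}")
    for (src, minute), s in sorted(scores.items()):
        print(f"{src:12s} minute={minute} LOF={s:9.2f} {'ALERT' if (src, minute) in alerts else 'ok'}")
```

Two practitioner notes on the design. The threshold is derived from the baseline's own scores rather than hard-coded, but with a small baseline like this it is crude: in a real deployment calibrate it on held-out normal traffic and measure precision on labeled attack windows, as the post does for its three models. The three modeled attacks score far above the threshold because they are extreme in flow count and port spread; the hard cases for an ICS detector are low-and-slow scans and a single well-formed malicious Modbus write, which look like one more normal flow in these features.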

Why It Matters

This isn’t just academic: real-world ICS attacks (like Stuxnet or the attacks on Ukraine’s power grid) show how exposed industrial systems are. Better detection could prevent disruptions to essential services.


Dive Deeper

Want the full story? Check out:


What’s next? I’m exploring how LLMs can work with anomaly detection.


#Cybersecurity #Machine Learning #Industrial Control Systems #IT/OT Networks