Proceedings of International Conference on Applied Innovation in IT  ·  2026/03/31  ·  Vol. 14  ·  Issue 1  ·  pp. 1327–1333
Intrusion Detection in Industrial Control Systems Using ML-Based Log Analysis
Doaa Mohammad Majed, Aya Falah and Vishal Jain
Industrial Control Systems (ICS) form the foundation of operational critical infrastructure, and their growing interconnection has made them targets of advanced cyber-attacks. Conventional intrusion detection systems (IDS) are limited by their rule-based design and are unable to identify zero-day exploits and subtle anomalies. This paper presents a machine learning (ML) based intrusion detection system that examines ICS log data to detect anomalies efficiently and accurately. The process includes systematic data gathering, preprocessing, feature discovery, and mixed ML modeling with autoencoders and classifiers. The experimental results show that the proposed system achieves higher precision, recall, and AUC values than traditional approaches. The distribution of anomaly scores indicates a distinct boundary between normal behavior and attack behavior, while the feature importance analysis offers operational information on the important log parameters. The framework has an AUC of 0.984, indicative of its strength and its capability to be used in real time. In addition, the model architecture is modular, which facilitates future scalability and explainability. Comparative benchmarking demonstrates the superiority of the system over other existing log-based and network-based IDS models. The research points out the opportunities for ML to improve ICS cybersecurity in data-driven, adaptive, and explainable ways.
Keywords: Industrial Control Systems (ICS), Intrusion Detection, Machine Learning, Log Analysis, Anomaly Detection, Autoencoder, Cybersecurity, Feature Importance, ROC-AUC, Critical Infrastructure.

Proceedings of the International Conference on Applied Innovations in IT by Anhalt University of Applied Sciences is licensed under CC BY-SA 4.0  ·  This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License

ISSN 2199-8876

Published by ICAIIT in cooperation with Anhalt University of Applied Sciences.
