Machine Learning-Enhanced Intrusion Detection System for Accelerated Threat Response through Feature Space Reduction in Critical Infrastructures

Abstract

Critical Infrastructure (CI) forms the backbone of any nation, ensuring the seamless operation of various sectors such as manufacturing, gas pipeline systems, nuclear power plants, transportation, etc. The deployment of Industrial Control Systems (ICSs) and Supervisory Control and Data Acquisition (SCADA) systems facilitates the management and remote monitoring of the industrial processes. However, this advancement has also rendered ICSs vulnerable to numerous cyber-attacks. Security is crucial to prevent significant economic losses and potential loss of life and a highly responsive Intrusion Detection System (IDS) is vital for safeguarding CI. IDSs often rely on extensive network traffic that includes irrelevant features, leading to prolonged response time. To address these challenges, we propose a novel approach called Statistical Parameters - Selective Promising Feature Selection (SP-SPFS). This method ranks the most relevant features based on statistical parameters and selects the most effective features using a forward selection process. We evaluate SP-SPFS by comparing it with other feature ranking and selection methods, including Weighted Feature Importance (WFI) and Forward Feature Selection (FFS). Specifically, we analyze four combinations: SP-SPFS, SP-FFS, WFI-SPFS, and WFI-FFS. The effectiveness of these approaches is assessed using tree-based classifiers, namely, Decision Tree (DT), Random Forest (RF), Gradient Boost (GB), and Extreme Gradient Boost (XGB) on the Gas Pipeline dataset from Mississippi State University (MSU) and its three clusters namely, Command, Function, and Response. Performance metrics such as execution time, accuracy, f1-score, precision, and recall are evaluated using 10-fold cross-validation. Our findings show that SP-SPFS achieves the highest performance: 99.22% accuracy in 24.24 seconds with 14 features on the full dataset. For clusters, SP-SPFS-RF reaches 99.24% accuracy with 10 features in 179.13 seconds (Command), 99.61% with 11 features in 239.79 seconds (Function), and 98.62% with 7 features in 12.4 seconds (Response). Overall, SP-SPFS effectively reduces execution time while maintaining high performance.