Design of a Hybrid LSTM-DT Intrusion Detection System in SCADA Networks

Document Type: Original Article

Authors

1 Electrical and Computer Engineering Faculty, University of Kashan

2 Assistant Professor, Electrical Engineering Faculty, University of Kashan

Abstract

This paper presents a hybrid intrusion detection system for Industrial Control Systems that uses real-world data to detect known cyberattacks with very high accuracy. The research begins by designing a realistic laboratory testbed comprising a Siemens S7-1200 PLC, an HMI, and WinCC software. Three types of cyberattacks (DDoS, Start/Stop, and Port Scan) are simulated using Metasploit, and the corresponding network traffic is captured with Wireshark with port mirroring enabled. During preprocessing, the data are filtered and labeled, and behavioral features such as packet inter-arrival time, control command frequency, and destination port diversity are extracted. A hybrid LSTM-DT model is developed and trained in three configurations; the parallel configuration (Config 3), which fuses the outputs of the LSTM and Decision Tree components, performs best. Evaluation using 10-fold cross-validation on the labeled testbed data shows that the proposed model achieves 99.45% accuracy, 99.23% precision, and 99.49% recall. By focusing on flow-based behavioral patterns rather than payload inspection, the system keeps computational overhead low, making it well suited to resource-constrained industrial environments.
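The three behavioral features the abstract names (packet inter-arrival time, control command frequency, destination port diversity) are flow-level statistics that can be computed without inspecting payloads. The following added example, which is not code from the paper or its testbed, shows how such features are aggregated per source host over a fixed time window and how a simple threshold rule (standing in for what the Decision Tree component would learn) separates a normal HMI session from the three traffic patterns the paper studies. The packet records, the `is_control_cmd` flag, the window size and every threshold are constructed assumptions for illustration.

```python
"""Flow-feature extraction for SCADA traffic (added illustrative example).

Records, field layout and thresholds are constructed for this example; they
are not the paper's dataset or its trained model.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed record layout: (timestamp_s, src_ip, dst_ip, dst_port, is_control_cmd)
# is_control_cmd marks a PLC control message (e.g. a Start/Stop request); in a
# real pipeline a protocol dissector sets it, here it is set by hand.
SAMPLE_PACKETS = [
    # 10.0.0.5: benign HMI session to the PLC on TCP/102, steady 0.5 s cadence,
    # two control commands in the window
    (0.0, "10.0.0.5", "10.0.0.10", 102, False),
    (0.5, "10.0.0.5", "10.0.0.10", 102, True),
    (1.0, "10.0.0.5", "10.0.0.10", 102, False),
    (1.5, "10.0.0.5", "10.0.0.10", 102, False),
    (2.0, "10.0.0.5", "10.0.0.10", 102, False),
    (2.5, "10.0.0.5", "10.0.0.10", 102, True),
    (3.0, "10.0.0.5", "10.0.0.10", 102, False),
    (3.5, "10.0.0.5", "10.0.0.10", 102, False),
    # 10.0.0.7: rapid burst of control commands (Start/Stop-style pattern)
    (2.00, "10.0.0.7", "10.0.0.10", 102, True),
    (2.01, "10.0.0.7", "10.0.0.10", 102, True),
    (2.02, "10.0.0.7", "10.0.0.10", 102, True),
    (2.03, "10.0.0.7", "10.0.0.10", 102, True),
    (2.04, "10.0.0.7", "10.0.0.10", 102, True),
    (2.05, "10.0.0.7", "10.0.0.10", 102, True),
    # 10.0.0.9: one packet to each of eight different ports (port-scan pattern)
    (3.0, "10.0.0.9", "10.0.0.10", 21, False),
    (3.1, "10.0.0.9", "10.0.0.10", 22, False),
    (3.2, "10.0.0.9", "10.0.0.10", 23, False),
    (3.3, "10.0.0.9", "10.0.0.10", 80, False),
    (3.4, "10.0.0.9", "10.0.0.10", 102, False),
    (3.5, "10.0.0.9", "10.0.0.10", 443, False),
    (3.6, "10.0.0.9", "10.0.0.10", 502, False),
    (3.7, "10.0.0.9", "10.0.0.10", 8080, False),
]
# 10.0.0.11: 40 packets 1 ms apart to a single port (flood / DDoS-style pattern)
SAMPLE_PACKETS += [(4.0 + i * 0.001, "10.0.0.11", "10.0.0.10", 102, False)
                   for i in range(40)]


def extract_flow_features(packets, window=5.0):
    """Aggregate per (src_ip, window index) the abstract's three behavioral
    features plus a packet count. Window length is an assumed parameter."""
    buckets = defaultdict(list)
    for ts, src, _dst, dport, is_cmd in packets:
        buckets[(src, int(ts // window))].append((ts, dport, is_cmd))

    features = {}
    for key, recs in buckets.items():
        recs.sort(key=lambda r: r[0])
        times = [r[0] for r in recs]
        iats = [later - earlier for earlier, later in zip(times, times[1:])]
        features[key] = {
            "packet_count": len(recs),
            "mean_iat": mean(iats) if iats else 0.0,           # inter-arrival time
            "std_iat": pstdev(iats) if len(iats) > 1 else 0.0,
            "cmd_rate": sum(1 for r in recs if r[2]) / window,  # control cmds / s
            "port_diversity": len({r[1] for r in recs}),        # distinct dst ports
        }
    return features


def classify_flow(f, cmd_rate_max=1.0, port_diversity_max=3,
                  flood_iat_max=0.05, flood_min_packets=20):
    """Threshold rule standing in for a learned Decision Tree split.
    All thresholds are assumptions chosen for the constructed sample."""
    if f["port_diversity"] > port_diversity_max:
        return "port-sweep"
    if f["cmd_rate"] > cmd_rate_max:
        return "control-burst"
    if f["mean_iat"] < flood_iat_max and f["packet_count"] >= flood_min_packets:
        return "flood"
    return "normal"


def label_sources(packets, window=5.0):
    """Map each (src_ip, window index) to a label; this is the per-flow
    verdict a detector would hand to an analyst or a downstream fusion step."""
    return {key: classify_flow(f)
            for key, f in extract_flow_features(packets, window).items()}


if __name__ == "__main__":
    for key, feats in sorted(extract_flow_features(SAMPLE_PACKETS).items()):
        print(key, feats, "->", classify_flow(feats))
```

Running the module prints one feature row per source host together with its label; `label_sources` is the function a caller would use on a larger capture. Because every feature is a count or timing statistic, the same code works on any packet capture that has been reduced to timestamps, addresses and ports, which is why flow-based detection stays cheap on industrial hardware.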
