Anomaly Detection Method for Unknown Protocols in a Power Plant ICS Network with Decision Tree

Kyoung Mun Lee, Min Yang Cho, Jung Gu Kim, Kyung Ho Lee

Research output: Contribution to journal › Article › peer-review


This study aimed to enhance the stability and security of power plant control network systems by developing detectable models using artificial intelligence machine learning techniques. Due to the closed system operation policy of facility manufacturers, it is challenging to detect and respond to security threats using standard security systems. With the increasing digitization of control systems, the risk of external malware penetration is also on the rise. To address this, machine learning techniques were applied to extract patterns from network traffic data produced at an average of 6.5 TB per month, and fingerprinting was used to detect unregistered terminals accessing the control network. By setting a threshold between transmission amounts and attempts using one month of data, an anomaly judgment model was learned to define patterns of data communication between the origin and destination. The hypothesis was tested using machine learning techniques if a new pattern occurred and no traffic occurred. The study confirmed that this method can be applied to not only plant control systems but also closed-structured control networks, where availability is critical, and other industries that use large amounts of traffic data. Experimental results showed that the proposed model outperformed existing models in terms of detection efficiency and processing time.

Original language: English
Article number: 4203
Journal: Applied Sciences (Switzerland)
Issue number: 7
Publication status: Published - 2023 Apr

Bibliographical note

Publisher Copyright:
© 2023 by the authors.


  • AI
  • ICS
  • anomaly detection
  • fingerprint
  • unknown protocol

ASJC Scopus subject areas

  • Materials Science(all)
  • Instrumentation
  • Engineering(all)
  • Process Chemistry and Technology
  • Computer Science Applications
  • Fluid Flow and Transfer Processes

