Intrusion Detection and Identification Using Tree-Based Machine Learning Algorithms on DCS Network in the Oil Refinery

Kyoung Ho Kim, Byung Il Kwak, Mee Lan Han, Huy Kang Kim

Research output: Contribution to journal › Article › peer-review

6 Citations (Scopus)


Recently, Critical Infrastructures (CI) such as energy, power, transportation, and communication have become increasingly dependent on advanced information and communication technology (ICT). This change has increased the connectivity between the Internet and the Industrial Control Systems (ICS) that support CI, which in turn increases security threats and allows a malicious attacker to manipulate and control an ICS arbitrarily. At the same time, ICS operators are reluctant to install security systems for fear that system changes will adversely affect normal operations. New research is therefore needed to detect anomalies quickly and identify attack types while preserving the high availability of the ICS. This study proposes a host-based method, built on tree-based machine learning algorithms, to detect and identify abnormalities in an oil refinery's Distributed Control System (DCS) network that uses DCS vendor-proprietary protocols. The results demonstrate that the proposed method can effectively detect an abnormality with the eXtreme Gradient Boosting (XGB) classifier, with up to 99% accuracy. Taken together, the results of this study contribute to the accurate detection of abnormal events and the identification of attack types on the network without disrupting the normal operation of the DCS in the oil refinery.

Original language: English
Pages (from-to): 4673-4682
Number of pages: 10
Journal: IEEE Transactions on Power Systems
Issue number: 6
Publication status: Published - 2022 Nov 1

Bibliographical note

Publisher Copyright:
© 1969-2012 IEEE.


  • Industrial control system
  • attack identification
  • distributed control system
  • intrusion detection

ASJC Scopus subject areas

  • Energy Engineering and Power Technology
  • Electrical and Electronic Engineering

