2024
Conference Paper
Title
Efficient Machine Learning-Based Security Monitoring and Cyberattack Classification of Encrypted Network Traffic in Industrial Control Systems
Abstract
Security monitoring is key to detecting cyberattacks against industrial control systems. However, with the increasing use of encryption in industrial communication protocols, traditional monitoring solutions based on deep packet inspection are becoming less effective. This paper introduces a novel approach for efficient machine learning-based security monitoring and cyberattack classification in encrypted network traffic, named CyberClas+. The approach converts network traffic into time series by computing network metrics and analyzes these time series with a combination of threshold learning and machine learning. Evaluation results on an industrial control system show a classification accuracy of 97% across 14 different cyberattack techniques, with a significantly decreased execution time compared to conventional machine learning methods.