Haifeng Lv,Xiaoyu Ji,Yong Ding

DOI: https://doi.org/10.1088/1742-6596/2517/1/012016

2023-01-01

Journal of Physics Conference Series

Abstract:The intrusion detection system (IDS) plays an important part because it offers an efficient way to prevent and mitigate cyber attacks. Numerous deep learning methods for intrusion anomaly detection have been developed as a result of recent advances in artificial intelligence (AI) in order to strengthen internet security. The balance among the high detection rate (DR), the low false alarm rate (FAR) and disaster of dimensionality is the crucial apprehension while devising an effective IDS. For the binary classification of intrusion detection systems, we present in this study a mixed model called K-means-XGBoost consisting of K-means and (Extreme Gradient Boosting, XGBoost) algorithms. The distributed computation of our method is achieved in Spark platform to rapidly separate normal events and anomaly events. In phrases of accuracy, DR, F1-score, recall, precision, and error indices FAR, the proposed model’s performance is measured via the well-known dataset of NSL-KDD. The experimental outcomes indicate that our method is outstandingly better among accuracy, DR, F1-score, training time, and processing speed, compared to other models which are recently created. In particular, the accuracy, F1-score, and DR of the proposed model can achieve as high as 93.28%, 94.39%, and 99.22% in the NSL-KDD dataset, respectively.

Na Xing,Shuai Zhao,Yuehai Wang,Keqing Ning,Xiufeng Liu

DOI: https://doi.org/10.14569/ijacsa.2023.0140743

2023-01-01

Abstract:recent years, deep learning-based network intrusion detection systems (IDS) have shown impressive results in detecting attacks. However, most existing IDS can only recognize known attacks that were included in their training data. When faced with unknown attacks, these systems are often unable to take appropriate actions and incorrectly classify them into known categories, leading to reduced detection performance. Furthermore, as the number and types of network attacks continue to increase, it becomes challenging for these IDS to update their model parameters promptly and adapt to new attack scenarios. To address these issues, this paper introduces a dynamic intrusion detection system, Dynamic Unknown Attack Intrusion Detection System (DUA-IDS). This system aims to learn and detect unknown attacks effectively. DUA-IDS comprises three components: Feature Extractor: This component employs CNN and Transformer models to extract data features from various perspectives. Threshold-Based Classifier: The second part utilizes the nearest mean rule of samples to classify known and unknown attacks, enabling the distinction between them. Dynamic Learning Module: The third part incorporates data playback and knowledge distillation techniques to retain existing category knowledge while continuously learning new attack categories. To assess the effectiveness of DUA-IDS, this paper conducted experiments using the UNSW-NB15 public dataset. The experimental results show that DUA-IDS improves the classification accuracy of flow network data with unknown traffic attacks. Can accurately distinguish unknown traffic and correctly classify known traffic. When dynamically learning unknown traffic, the classification accuracy of previously learned known traffic is less affected. This indicates the advantages of DUA-IDS in detecting unknown attacks and learning new attack categories.

Xinrui Dong,Yingxu Lai

DOI: https://doi.org/10.1109/ISADS56919.2023.10092008

2023-01-01

Abstract:The integration of industrialization and informatization has exposed industrial control systems (ICSs) to increasingly serious security challenges. Currently, the mainstream method to protect the security of ICSs is intrusion detection system (IDS) based on deep-learning. However, these methods depend on a massive amount of high-quality data. Owing to the characteristics and protocol limitations, ICSs data usually experience low-quality and data imbalance problems, which significantly affects the accuracy of IDS.In this study, an IDS for ICS that combines data expansion algorithm and CNN was proposed. A novel normalized neighborhood weighted convex combined random sample (NNW-CCRS) oversampling algorithm was designed, which automatically attenuates the effects of noise and expanding imbalanced data to produce balanced ICS datasets. By reducing the impact of imbalanced ICS data on IDSs, our system effectively protects the security of ICS. Secure Water Treatment dataset (SWaT) was used for experimental validation. The experimental results confirmed that the accuracy of the proposed system improved by approximately 20%, compared to the ICS without data expansion.

Bakht Sher Ali,Inam Ullah,Tamara Al Shloul,Izhar Ahmed Khan,Ijaz Khan,Yazeed Yasin Ghadi,Akmalbek Abdusalomov,Rashid Nasimov,Khmaies Ouahada,Habib Hamam

DOI: https://doi.org/10.1007/s11227-023-05764-5

2024-01-01

Abstract:The growing volume of data, especially in cases of imbalanced datasets, has posed significant challenges in the classification process, particularly when it comes to identifying cyberattacks on industrial control systems (ICS) networks, which have been a source of concern due to the significant destructive impact of viruses such as Slammer, worms, Stuxnet, Duqu, Seismic Net, and Flame on critical infrastructures in various countries. The key challenge is constructing the intrusion detection system (IDS) framework to deal with imbalanced datasets. Many researchers work especially on binary classification, but multi-classification is a more challenging and still active research area. To deal with the multi-class imbalanced classification problem, we outline an instance-based intrusion detection technique named ICS-IDS, for intrusion detection in ICS systems specific to SCADA networks. The developed technique consists of two core components, the data preparation component, and the detection component. The data preparation component uses the normalization, Fisher Discriminant Analysis, and k-neighbor’s method to scale the data, reduce the dimensionality, and resample the dataset, respectively. To learn the latent representations and discern harmful vectors from attacked data, the detection/recognition component leverages an efficient instance-based learner. The proposed ICS-IDS model outperforms existing attractive methods in detecting sophisticated attack vectors in ICS data, achieving 99% accuracy and 99% detection rates (DR) on an industrial network dataset. This proves the methodology's practicality for implementing security in real-world ICS networks.

Yawen Xue,Jie Pan,Yangyang Geng,Zeyu Yang,Mengxiang Liu,Ruilong Deng

DOI: https://doi.org/10.1109/ticps.2024.3406505

2024-01-01

Abstract:Industrial control systems (ICSs) are becoming increasingly interconnected as the rapid convergence of information technology (IT) and operation technology (OT) networks, and meanwhile massive attack surfaces have been exposed. However, traditional intrusion detection systems (IDSs) are difficult to be directly deployed in ICSs due to the hard real-time requirement and rare patching chance. Besides, the design of effective and practical IDSs is hampered by the lack of benchmarking ICS cybersecurity datasets. To bridge the gaps, this paper makes the first attempt by open-sourcing the developed ICS cybersecurity datasets and proposing a decision fusion based real-time IDS. Firstly, we design a customized cybersecurity dataset in a full-hardware and high-fidelity platform, including 7 types of cyber threats tailored for ICSs. The collected dataset includes network traffic, sensor readings, actuator status, and system parameters, providing the state-of-the-art benchmark dataset for ICSs consisting of cross-layer characteristics. Furthermore, we design an online decision fusion-based IDS by strategically integrating 4 widely-used machine learning models. The proposed IDS is deployed on a real-time running ethanol distillation, surpassing the performance of single detection models in terms of precision and F1-score, which substantially enhances intrusion detection accuracy and cybersecurity of ICS.

Jie Wang,Pengfei Li,Weiqiang Kong,Ran An

DOI: https://doi.org/10.3390/math10162872

IF: 2.4

2022-08-12

Mathematics

Abstract:With the rapid development of network technologies, the network security of industrial control systems has aroused widespread concern. As a defense mechanism, an ideal intrusion detection system (IDS) can effectively detect abnormal behaviors in a system without affecting the performance of the industrial control system (ICS). Many deep learning methods are used to build an IDS, which rely on massive numbers of variously labeled samples for model training. However, network traffic is imbalanced, and it is difficult for researchers to obtain sufficient attack samples. In addition, the attack variants are rich, and constructing all possible attack types in advance is impossible. In order to overcome these challenges and improve the performance of an IDS, this paper presents a novel intrusion detection approach which integrates a one-dimensional convolutional autoencoder (1DCAE) and support vector data description (SVDD) for the first time. For the two-stage training process, 1DCAE fails to retain the key features of intrusion detection and SVDD has to add restrictions, so a joint optimization solution is introduced. A three-stage optimization process is proposed to obtain better performance. Experiments on the benchmark intrusion detection dataset NSL-KDD show that the proposed method can effectively detect various unknown attacks, learning with only normal traffic. Compared with the recent state-of-art intrusion detection baselines, the proposed method is improved in most metrics.

mathematics

Laisen Nie,Zhaolong Ning,Xiaojie Wang,Xiping Hu,Jun Cheng,Yongkang Li

DOI: https://doi.org/10.1109/tnse.2020.2990984

IF: 6.6

2020-01-01

IEEE Transactions on Network Science and Engineering

Abstract:As an industrial application of Internet of Things (IoT), Internet of Vehicles (IoV) is one of the most crucial techniques for Intelligent Transportation System (ITS), which is a basic element of smart cities. The primary issue for the deployment of ITS based on IoV is the security for both users and infrastructures. The Intrusion Detection System (IDS) is important for IoV users to keep them away from various attacks via the malware and ensure the security of users and infrastructures. In this paper, we design a data-driven IDS by analyzing the link load behaviors of the Road Side Unit (RSU) in the IoV against various attacks leading to the irregular fluctuations of traffic flows. A deep learning architecture based on the Convolutional Neural Network (CNN) is designed to extract the features of link loads, and detect the intrusion aiming at RSUs. The proposed architecture is composed of a traditional CNN and a fundamental error term in view of the convergence of the backpropagation algorithm. Meanwhile, a theoretical analysis of the convergence is provided by the probabilistic representation for the proposed CNN-based deep architecture. We finally evaluate the accuracy of our method by way of implementing it over the testbed.

Congyuan Xu,Jizhong Shen,Xin Du,Fan Zhang

DOI: https://doi.org/10.1109/access.2018.2867564

IF: 3.9

2018-01-01

IEEE Access

Abstract:To improve the performance of network intrusion detection systems (IDS), we applied deep learning theory to intrusion detection and developed a deep network model with automatic feature extraction. In this paper, we consider the characteristics of the time-related intrusion and propose a novel IDS that consists of a recurrent neural network with gated recurrent units (GRU), multilayer perceptron (MLP), and softmax module. Experiments on the well-known KDD 99 and NSL-KDD data sets show that the system has leading performance. The overall detection rate was 99.42% using KDD 99 and 99.31% using NSL-KDD with false positive rates as low as 0.05% and 0.84%, respectively. In particular, for detecting the denial of service attacks, the system achieved detection rates of 99.98% and 99.55%, respectively. Comparative experiments showed that the GRU is more suitable as a memory unit for IDS than LSTM, and proved that it is an effective simplification and improvement of LSTM. Moreover, the bidirectional GRU can reach the best performance compared with the recently published methods.

Mohammad Reza Monfared,Seyed Mostafa Fakhrahmad

DOI: https://doi.org/10.1007/s40998-022-00493-6

2022-08-19

Iranian Journal of Science and Technology Transactions of Electrical Engineering

Abstract:Industrial control systems (ICSs) are essential and inseparable part of industrial infrastructures. Industrial control systems have long been designed and established isolated from the outside world; however, due to the needs for development and performance improvement, these industrial systems have been connected to other organization networks. Since security requirements and predictions have not been considered, ICSs are faced with new security threats. Therefore, cybersecurity in industrial control systems is of utmost importance due to severe economic, environmental, human and political consequences. Hence, the design of intrusion detection systems based on industrial control systems is also essential. In the present study, an accurate ICS scheme is developed based on the capabilities of deep neural networks (DNNs). In the proposed scheme, we try to detect the spatial space of packets exclusively by employing convolutional networks. Passing through the long short-term memory (LSTM) network, the time dependence between packets is used to diagnose abnormalities and attacks. Show that the proposed intrusion detection system outperforms other existing industrial intrusion detection systems in terms of accuracy. The high ability of the proposed scheme in dealing with unbalanced data sets is another exciting feature of the proposed scheme.

Motong Sun,Yingxu Lai,Yipeng Wang,Jing Liu,Beifeng Mao,Haoran Gu

DOI: https://doi.org/10.1109/tii.2022.3200363

IF: 12.3

2023-01-01

IEEE Transactions on Industrial Informatics

Abstract:In industrial control systems (ICSs), intrusion detection is a vital task. Conventional intrusion detection systems (IDSs) rely on manually designed rules. These rules heavily depend on professional experience, thereby making it challenging to represent the increasingly complicated industrial control logic. Although deep learning-based approaches provide better accuracy than other methods, they can only provide alerts. However, they cannot provide administrators with detailed information. In this study, we propose the logic understanding IDS (LU-IDS), which is a rule-based IDS with in-depth understandings of industrial control logic. Our proposed LU-IDS uses a specially designed deep learning-based model to capture features automatically and carry out attack classification. More importantly, it analyzes the knowledge learned from the classification of attacks to understand the abnormal industrial control logic and generate rules. The experimental results indicate that our proposed LU-IDS demonstrates excellent performance on intrusion detection. The rules generated by our proposed LU-IDS can be used to successfully detect all types of attacks on two public datasets.

Kai Jin,Lei Zhang,Yujie Zhang,Duo Sun,Xiaoyuan Zheng

DOI: https://doi.org/10.3390/electronics12204329

IF: 2.9

2023-10-19

Electronics

Abstract:The current mainstream intrusion detection models often have a high false negative rate, significantly affecting intrusion detection systems' (IDSs) practicability. To address this issue, we propose an intrusion detection model based on a multi-scale one-dimensional convolutional neural network module (MS1DCNN), an efficient channel attention module (ECA), and two bidirectional long short-term memory modules (BiLSTMs). The proposed hybrid MS1DCNN-ECA-BiLSTM model uses the MS1DCNN module to extract features with a different granularity from the input data and uses the ECA module to enhance the weight of important features. Finally, the model carries out sequence learning through two BiLSTM layers. We use the dung beetle optimizer (DBO) to optimize the hyperparameters in the model to obtain better classification results. Additionally, we use the synthetic minority oversampling technique (SMOTE) to fill several samples to reduce the local false negative rate. In this paper, we train and test the model using accurate network data from a water storage industrial control system. In the multi-classification experiment, the model's accuracy was 97.04%, the precision was 97.17%, and the false negative rate was 2.95%; in the binary classification experiment, the accuracy and false negative rate were 99.30% and 0.7%. Compared with other mainstream methods, our model has a higher score. This study provides a new algorithm for the intrusion detection of industrial control systems.

engineering, electrical & electronic,computer science, information systems,physics, applied

Maged Abdelaty,Roberto Doriguzzi-Corin,Domenico Siracusa

DOI: https://doi.org/10.1109/TETC.2021.3073017

2020-09-14

Abstract:Deep Learning is emerging as an effective technique to detect sophisticated cyber-attacks targeting Industrial Control Systems (ICSs). The conventional approach to detection in literature is to learn the "normal" behaviour of the system, to be then able to label noteworthy deviations from it as anomalies. However, during operations, ICSs inevitably and continuously evolve their behaviour, due to e.g., replacement of devices, workflow modifications, or other reasons. As a consequence, the accuracy of the anomaly detection process may be dramatically affected with a considerable amount of false alarms being generated. This paper presents DAICS, a novel deep learning framework with a modular design to fit in large ICSs. The key component of the framework is a 2-branch neural network that learns the changes in the ICS behaviour with a small number of data samples and a few gradient updates. This is supported by an automatic tuning mechanism of the detection threshold that takes into account the changes in the prediction error under normal operating conditions. In this regard, no specialised human intervention is needed to update the other parameters of the system. DAICS has been evaluated using publicly available datasets and shows an increased detection rate and accuracy compared to state of the art approaches, as well as higher robustness to additive noise.

Cryptography and Security

Wenbin Yu,Yiyin Wang,Lei Song

DOI: https://doi.org/10.20944/preprints201912.0174.v1

2019-01-01

Abstract:Standard Ethernet (IEEE 802.3 and the TCP/IP protocol suite) is gradually applied in industrial control system (ICS) with the development of information technology. It breaks the natural isolation of ICS, but contains no security mechanism. A modified intrusion detection system (IDS), which is strongly correlated to specific industrial scenario, is necessary for modern ICS. On the one hand, this paper outlines attack models, including infiltration attacks and our creative forging attack. On the other hand, we proposes a hierarchical IDS, which contains a traffic prediction model and an anomaly detection model. The traffic prediction model, which is based on autoregressive integrated moving average (ARIMA), can forecast the traffic of ICS network in the short term and precisely detect the infiltration attacks according to abnormal changes in traffic pattern. The anomaly detection model using one-class support vector machine (OCSVM) is able to detect malicious control instructions by analyzing the key field in EtherNet/IP packets. The experimental results show that the hierarchical IDS has an outstanding performance in detecting infiltration attacks and forging attack compared with other two innovative IDSs.

Daojing He,Xiaoxia Liu,Jiajia Zheng,Sammy Chan,Sencun Zhu,Weidong Min,Nadra Guizani

DOI: https://doi.org/10.1109/mnet.001.1900480

IF: 10.294

2020-01-01

IEEE Network

Abstract:With the recent advancement in AI technology, IDSs reinforced by AI have been adopted to ensure system and network security. Unfortunately, computational and storage overheads of such systems prevent them from being deployed in IESs. To overcome the challenges that restrict the applicability of intrusion detection for IESs, we propose a lightweight and intelligent IDS. The proposed system first generates the behavioral specifications that characterize the normal communication of an IES. Based on specifications, Gini index and the generalized system attributes are exploited to detect abnormal communications. To reduce the false positive rate, the data that do not abide the behavioral specifications is passed to a Naive Bayes classifier for further classification. Our experimental results show that the proposed system can achieve 95.84 percent accuracy and thus holds great promise for deployment in IESs as a lightweight and efficient IDS.

Haipeng Yao,Pengcheng Gao,Peiying Zhang,Jingjing Wang,Chunxiao Jiang,Lijun Lu

DOI: https://doi.org/10.1109/MNET.001.1800479

IF: 10.294

2019-01-01

IEEE Network

Abstract:The design of an intrusion detection system (IDS) plays a critical role in guaranteeing the security of the Industrial Internet of Things (IIoT). Recently, the rapid development of edge-based IIoT has posed new challenges in the design of a beneficial IDS considering its billions of IIoT devices and substantially decentralized data interaction. Both the detection method and the system architecture become the key components in constructing an efficient IDS for edge-based IIoT. In this article, we survey the typical state-of-theart studies about detection methods and system structure of IDS. Moreover, we propose a hybrid IDS architecture and introduce a machine learning aided detection method, which outperforms the literature in terms of a range of benchmarks.

Anbang Wang,Xinyu Gong,Jialiang Lu

DOI: https://doi.org/10.1109/smartcloud.2019.00028

2019-01-01

Abstract:With the development of network technology and the updating of intelligent networking devices, the variety of cyber attacks and the number of users being attacked are increasing. Intrusion Detection Systems (IDS) are commonly used in the field of network security to detect anomalous activity and behavior. Many previous works have achieved high detection accuracy on standard testing data sets by implementing mature Machine Learning (ML) algorithms. Inspired by the network ontology researches,, we propose two Long Short-Term Memory (LSTM) based IDSs with deep feature extraction: multi-class feature extraction IDS and dual-class feature extraction IDS. Through our experiments on the CICIDS2017 data set, we have found that multi-class feature extraction IDS can better identify the types of cyber attacks while the dual-class feature extraction IDS can better recall new attacks. We conclude that when the structure and characteristics of the classifier are limited, a reasonable selection of the feature extraction space can help improve the characteristics of the classifier and better achieve the downstream tasks in the security field.

Jia-Cheng Huang,Guo-Qiang Zeng,Guang-Gang Geng,Jian Weng,Kang-Di Lu,Yu Zhang

DOI: https://doi.org/10.1016/j.cose.2023.103310

2023-05-27

Abstract:Industrial control systems (ICSs) are facing serious and evolving security threats because of a variety of malicious attacks. Deep learning-based intrusion detection systems (IDSs) have been widely considered as one of promising security solutions for ICSs, but these deep neural networks for IDSs in ICSs have been designed manually, which are extremely dependent on expert experience with numerous model parameters. This paper makes the first attempt to develop an automatic architecture design method of convolutional neural networks (CNNs) based on differential evolution (abbreviated as DE-CNN) for the intrusion detection issue in ICSs. The first phase of the proposed DE-CNN is the off-line architecture optimization of the CNNs constructed by three basic units such as ResNetBlockUnit, DenseNetBlockUnit, and PoolingUnit, including encoding the architecture parameters of a CNN as a population, evaluating the fitness of the population by the validation accuracy and the number of CNN model parameters, implementing the evolutionary process including mutation and crossover operations, and selecting the best individual from the population. Then, the optimal CNN model obtained by the off-line optimization of DE-CNN is deployed for the online IDSs. The experimental results on two intrusion detection datasets in ICSs including SWaT and WADI have demonstrated the superiority of the proposed DE-CNN to the state-of-the-art manually-designed and neuroevolution-based methods under both unsupervised and supervised learning in terms of Precision, Recall , F1 -Score and the number of the CNN model parameters.

computer science, information systems

Wenbin Yu,Yiyin Wang,Lei Song

DOI: https://doi.org/10.3390/electronics8121545

IF: 2.9

2019-01-01

Electronics

Abstract:Standard Ethernet (IEEE 802.3 and the TCP/IP protocol suite) is gradually applied in industrial control system (ICS) with the development of information technology. It breaks the natural isolation of ICS, but contains no security mechanisms. An improved intrusion detection system (IDS), which is strongly correlated to specific industrial scenarios, is necessary for modern ICS. On one hand, this paper outlines three kinds of attack models, including infiltration attacks, creative forging attacks, and false data injection attacks. On the other hand, a two stage IDS is proposed, which contains a traffic prediction model and an anomaly detection model. The traffic prediction model, which is based on the autoregressive integrated moving average (ARIMA), can forecast the traffic of the ICS network in the short term and detect infiltration attacks precisely according to the abnormal changes in traffic patterns. Furthermore, the anomaly detection model, using a one class support vector machine (OCSVM), is able to detect malicious control instructions by analyzing the key field in Ethernet/IP packets. The confusion matrix is selected to testify to the effectiveness of the proposed method, and two other innovative IDSs are used for comparison. The experiment results show that the proposed two stage IDS in this paper has an outstanding performance in detecting infiltration attacks, forging attacks, and false data injection attacks compared with other IDSs.

Danish Attique,Wang Hao,Wang Ping,Danish Javeed,Prabhat Kumar

DOI: https://doi.org/10.1109/jiot.2024.3384374

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:The Industrial Internet of Things (IIoT) is rapidly evolving, and with this evolution, cyber threats have become a significant issue. IIoT networks, despite improving service quality, are uniquely vulnerable to security threats due to their inherent connectivity and the use of low-power devices. Traditional Deep Learning-based IDS, while accurate, suffer from a “black box” issue that hides the reasoning behind their decisions, leading to a decrease in user trust. To address this, our research presents an Explainable and intelligent mechanism for data-efficient intrusion detection in IIoT. Our proposed IDS enhances data efficiency by employing a Bidirectional Long-Short Term Memory (BiLSTM) model with a self-adaptive attention mechanism. The selfadaptive attention mechanism is a novel feature of our IDS framework, designed specifically for IIoT environments. This mechanism dynamically adjusts its focus to prioritize critical elements within a dataset, allocating more computational resources to data segments likely to contain patterns or anomalies indicative of security threats. When integrated with BiLSTM, which excels at capturing temporal dependencies, the mechanism enhances the IDSs ability to learn efficiently from limited datasets. This focus on significant data features and temporal patterns reduces the need for extensive training datasets, making it particularly effective in IIoT settings where data may be sparse yet complex. In addition, we enhance the proposed IDSs transparency by incorporating the SHapley Additive exPlanations mechanism from Explainable AI, thereby boosting the IDSs trustworthiness and interpretability. Our system exhibits outstanding performance on benchmark datasets such as CICIDS2017 and X-IIoTID, attaining accuracies of 99.92% and 96.54%, respectively.

Abiodun Ayodeji,Yong-kuo Liu,Nan Chao,Li-qun Yang

DOI: https://doi.org/10.1016/j.net.2020.05.012

IF: 2.817

2020-01-01

Nuclear Engineering and Technology

Abstract:Most of the machine learning-based intrusion detection tools developed for Industrial Control Systems (ICS) are trained on network packet captures, and they rely on monitoring network layer traffic alone for intrusion detection. This approach produces weak intrusion detection systems, as ICS cyber-attacks have a real and significant impact on the process variables. A limited number of researchers consider integrating process measurements. However, in complex systems, process variable changes could result from different combinations of abnormal occurrences. This paper examines recent advances in intrusion detection algorithms, their limitations, challenges and the status of their application in critical infrastructures. We also introduce the discussion on the similarities and conflicts observed in the development of machine learning tools and techniques for fault diagnosis and cybersecurity in the protection of complex systems and the need to establish a clear difference between them. As a case study, we discuss special characteristics in nuclear power control systems and the factors that constraint the direct integration of security algorithms. Moreover, we discuss data reliability issues and present references and direct URL to recent open-source data repositories to aid researchers in developing data-driven ICS intrusion detection systems.