Edinburgh Napier University

  Industrial Control Systems have become a priority domain for cybersecurity practitioners due to the number of cyber-attacks against those systems has increased over the past few years. This paper proposes a real-time anomaly intrusion detector for a model of a clean water supply system. A testbed of such system is implemented using the Festo MPA Control Process Rig. A set of attacks to the testbed is conducted during the control process operation. During the attacks, the energy of the components is monitored and recorded to build a novel dataset for training and testing a total of five traditional supervised machine learning algorithms: K-Nearest Neighbour, Support Vector Machine, Decision Tree, Naïve Bayes and Multilayer Perceptron. The trained machine learning algorithms were built and deployed online, during the control system operation, for further testing. The performance obtained from offline and online training and testing steps are compared. The captures results show that KNN and SVM outperformed the rest of the algorithms by achieving high accuracy scores and low falsepositive, false-negative alerts.