Ensemble Learning-Based Intrusion Detection System for Modbus-Enabled Industrial Networks

Industrial Control Systems (ICS) and Modbus-enabled networks are facing escalating threats from sophisticated cyber-attacks, while current Intrusion Detection Systems (IDS) struggle to identify intricate and adaptive attacks. This study envisions an ensemble learning-based IDS for Modbus-enabled industrial networks using a real-like Modbus 2023 dataset for industrial networks. The proposed IDS combines four base classifiers, namely K-Nearest Neighbors (KNN), Support Vector Machine (SVM), Random Forest (RF), and Adaptive Boosting (AdaBoost), using the stack ensemble framework, where Logistic Regression acts as the meta-classifier. Preprocessing involved PCAP capture and attack log synchronization, feature normalization, and one-hot encoding for balanced and accurate model training. Experimental evaluation demonstrated that the ensemble model has a 99.78% detection accuracy while outperforming the base individual models in terms of precision, recall, and F1-score. The results indicate the efficiency of ensemble learning for enhanced accuracy detection and false-positive reduction for Modbus networks. Future research will consider real-time testing, feature elimination, and explainable AI for higher operational deployment and scalability.