A Multi-Component Deep Learning Approach for Cyber Attack Detection in Critical Infrastructure SCADA Systems
Abstract
Industrial control networks based on Supervisory Control and Data Acquisition (SCADA) systems used in critical infrastructure require reliable, scalable, and generalisable attack detection mechanisms in the face of increasing cyber threats. However, a large portion of the datasets commonly used in the literature are built from general-purpose network traffic and do not adequately reflect the cyclical, deterministic, and process-oriented communication structure of industrial protocols such as Modbus/TCP. To address this limitation, this study designed a completely isolated virtual SCADA environment and used it to create SCADANet, a SCADA-specific, multi-class attack dataset containing nine different attack scenarios generated concurrently with legitimate network traffic. On this basis, a hybrid deep learning architecture is proposed that combines parallel dilated Convolutional Neural Network (CNN) branches, Residual-SE blocks, and Long Short-Term Memory (LSTM) layers, so that multi-scale spatial patterns and temporal dependencies are modelled together. To examine the generalisability of the proposed approach, the model was evaluated on both the SCADANet dataset and the WUSTL-IIoT-2021 dataset, which is widely used in the literature. Experimental results show that the proposed architecture achieves high accuracy and macro F1-score on both datasets, with a particularly marked increase in sensitivity (recall) on minority attack classes. Furthermore, an ablation study shows that each component of the architecture contributes meaningfully and complementarily to overall performance. The findings indicate that the proposed deep learning-based approach can effectively model traffic characteristics specific to SCADA systems and exhibits stable attack detection performance across different data sources.
In this respect, the study makes important methodological and experimental contributions to the literature on cyber attack detection in SCADA-based critical infrastructure systems.
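As an added illustration of the protocol structure the abstract appeals to (this is example code written for this page, not the authors' SCADANet tooling or the proposed model), the following Python parses the Modbus/TCP MBAP header of constructed frames, rejects malformed ones, and measures how regular the polling interval is per (unit id, function code) pair: a cyclic read poll yields an inter-arrival coefficient of variation near zero, while aperiodic write requests do not. The frame builders, the feature dictionary and the regularity statistic are my own choices for illustration; the paper's actual feature set is not described in the abstract.

```python
import struct
from collections import defaultdict
from statistics import mean, pstdev

# Modbus/TCP MBAP header (big-endian): transaction id (2), protocol id (2, always 0),
# length (2, counts unit id + PDU), unit id (1). The PDU starts with the function code.
MBAP = struct.Struct(">HHHB")
WRITE_FUNCTIONS = {5, 6, 15, 16}  # write coil/register, write multiple coils/registers


def parse_modbus_tcp(payload: bytes) -> dict:
    """Return protocol-level features of one Modbus/TCP ADU.

    Malformed frames raise ValueError instead of being silently skipped, so a
    collector can count them as their own feature rather than losing them.
    """
    if len(payload) < MBAP.size + 1:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, pid, length, unit = MBAP.unpack_from(payload, 0)
    if pid != 0:
        raise ValueError(f"unexpected MBAP protocol id {pid}")
    if length != len(payload) - 6:  # 6 = bytes preceding the length-counted region
        raise ValueError(f"MBAP length {length} disagrees with frame size {len(payload)}")
    fc = payload[MBAP.size]
    return {
        "tid": tid,
        "unit": unit,
        "fc": fc & 0x7F,                 # function code with exception bit cleared
        "exception": bool(fc & 0x80),    # set on exception responses
        "pdu_len": length - 1,
        "is_write": (fc & 0x7F) in WRITE_FUNCTIONS,
    }


def is_malformed(payload: bytes) -> bool:
    """True when parse_modbus_tcp rejects the frame."""
    try:
        parse_modbus_tcp(payload)
    except ValueError:
        return True
    return False


def polling_regularity(frames) -> dict:
    """Coefficient of variation (std/mean) of inter-arrival times per (unit, fc).

    Cyclic SCADA polling yields a value near 0; aperiodic traffic does not.
    `frames` is an iterable of (timestamp_seconds, payload_bytes). Pairs with
    fewer than two gaps get None because no regularity can be estimated.
    """
    times = defaultdict(list)
    for ts, payload in frames:
        f = parse_modbus_tcp(payload)
        times[(f["unit"], f["fc"])].append(ts)
    cv = {}
    for key, stamps in times.items():
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        if len(gaps) < 2:
            cv[key] = None
            continue
        m = mean(gaps)
        cv[key] = pstdev(gaps) / m if m > 0 else float("inf")
    return cv


# --- Constructed sample traffic (assumed for illustration, not captured data) ---

def build_read_holding(tid: int, unit: int, start: int, count: int) -> bytes:
    """Read Holding Registers (FC 3) request."""
    pdu = struct.pack(">BHH", 3, start, count)
    return MBAP.pack(tid, 0, len(pdu) + 1, unit) + pdu


def build_write_multiple(tid: int, unit: int, start: int, values) -> bytes:
    """Write Multiple Registers (FC 16) request."""
    data = b"".join(struct.pack(">H", v) for v in values)
    pdu = struct.pack(">BHHB", 16, start, len(values), len(data)) + data
    return MBAP.pack(tid, 0, len(pdu) + 1, unit) + pdu


def sample_frames():
    """A master polling unit 1 with FC 3 once per second for ten seconds, plus
    three aperiodic FC 16 writes at 2.0 s, 2.5 s and 8.5 s (constructed)."""
    frames = [(float(t), build_read_holding(t, 1, 0, 10)) for t in range(10)]
    for i, t in enumerate((2.0, 2.5, 8.5)):
        frames.append((t, build_write_multiple(100 + i, 1, 0, [0x0001])))
    return sorted(frames, key=lambda f: f[0])


if __name__ == "__main__":
    for key, value in polling_regularity(sample_frames()).items():
        print(f"unit={key[0]} fc={key[1]} inter-arrival CV={value:.3f}")
    # A frame whose MBAP protocol id is 1 rather than 0 is rejected.
    print("malformed:", is_malformed(b"\x00\x01\x00\x01\x00\x06\x01\x03\x00\x00\x00\x0a"))
```

Two points for anyone building a SCADA-specific dataset along these lines: keep the MBAP consistency checks (protocol id, length field against the frame size) as features rather than filters, because malformed frames are themselves informative, and derive periodicity statistics per (unit, function code) pair rather than per TCP connection, since several polling cycles commonly share one long-lived connection. Neither feature exists in general-purpose intrusion datasets, which is precisely the gap the abstract points to.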