Ensemble Learning-Based Intrusion Detection System for Modbus-Enabled Industrial Networks

pp. 54-70

Author(s)

Dadaso T. Mane 1, Vijay H. Kalmani 2,*, Sayali Aundhakar 1, Pranita Patil 1, Swati Patil 1, Tejal Yadav 1

1. Department of Information Technology, Kasegaon Education Society’s, Rajarambapu Institute of Technology, Affiliated to Shivaji University, Sakharale, Maharashtra 415415, India

2. Department of Computer Science and Engineering, Kasegaon Education Society’s, Rajarambapu Institute of Technology, Affiliated to Shivaji University, Sakharale, Maharashtra 415415, India

* Corresponding author.

DOI: https://doi.org/10.5815/ijwmt.2025.06.05

Received: 22 Jan. 2025 / Revised: 1 May 2025 / Accepted: 22 Jun. 2025 / Published: 8 Dec. 2025

Index Terms

Industrial Control Systems (ICS), SCADA, IDS, Machine Learning, Ensemble Learning, SVM, Random Forest, Adaptive Boosting, K-Nearest Neighbors, Stacking Classifier

Abstract

Industrial Control Systems (ICS) and Modbus-enabled networks face escalating threats from sophisticated cyber-attacks, while current Intrusion Detection Systems (IDS) struggle to identify intricate and adaptive attacks. This study proposes an ensemble learning-based IDS for Modbus-enabled industrial networks, built on a realistic Modbus 2023 dataset. The proposed IDS combines four base classifiers, namely K-Nearest Neighbors (KNN), Support Vector Machine (SVM), Random Forest (RF), and Adaptive Boosting (AdaBoost), in a stacking ensemble framework in which Logistic Regression acts as the meta-classifier. Preprocessing involved synchronizing PCAP captures with attack logs, feature normalization, and one-hot encoding for balanced and accurate model training. Experimental evaluation demonstrated that the ensemble model achieves 99.78% detection accuracy and outperforms the individual base models in precision, recall, and F1-score. The results indicate that ensemble learning improves detection accuracy and reduces false positives in Modbus networks. Future research will consider real-time testing, feature elimination, and explainable AI to improve operational deployment and scalability.

Cite This Paper

Dadaso T. Mane, Vijay H. Kalmani, Sayali Aundhakar, Pranita Patil, Swati Patil, Tejal Yadav, "Ensemble Learning-Based Intrusion Detection System for Modbus-Enabled Industrial Networks", International Journal of Wireless and Microwave Technologies (IJWMT), Vol. 15, No. 6, pp. 54-70, 2025. DOI: 10.5815/ijwmt.2025.06.05
