Open Access
Secure and Resilient Cyberattack Detection in ICS Networks: Hybrid Encryption, Protocol Hardening, and Threat Hunting on ELECTRA Modbus Traffic
Author(s) - Archana Pallakonda, S Sanjay Kumar, Rayappa David Amar Raj, Rama Muni Reddy Yanamala, K Krishna Prakasha
Publication year - 2025
Publication title - IEEE Access
Language(s) - English
Resource type - Magazines
SCImago Journal Rank - 0.587
H-Index - 127
eISSN - 2169-3536
DOI - 10.1109/access.2025.3619487
Subject(s) - aerospace, bioengineering, communication, networking and broadcast technologies, components, circuits, devices and systems, computing and processing, engineered materials, dielectrics and plasmas, engineering profession, fields, waves and electromagnetics, general topics for engineers, geoscience, nuclear engineering, photonics and electrooptics, power, energy and industry applications, robotics and control systems, signal processing and analysis, transportation
This paper utilizes the ELECTRA Modbus dataset to present a secure and resilient anomaly detection framework for Industrial Control Systems (ICS). The proposed system integrates multiple machine learning models, including Random Forest, Neural Network, XGBoost, and others, to detect cyber threats effectively. Binary classification achieved 100% accuracy, while multi-class attack identification reached 99.99% accuracy across all tested models. A hybrid cryptographic scheme combining AES in EAX mode and RSA-OAEP was employed to secure Modbus traffic, increasing entropy from 4.1 to 7.8 bits and providing resistance against entropy-based attacks. Protocol hardening techniques, such as field-level encryption, SHA-256-based integrity checks, and device-role authorization, collectively reduced the overall attack frequency by over 80%. To evaluate hardware-level deployment, the binary classification model was implemented on a Coral Dev Board, achieving a real-time detection latency of 0.38 seconds for both training and testing, thereby demonstrating suitability for edge-based ICS integration. Threat hunting capabilities were enhanced using K-Means clustering and Isolation Forest, enabling the identification of previously unknown attack patterns. This framework delivers a real-time, cryptographically secure, and lightweight defense mechanism against advanced cyber threats in ICS environments. Source code is available on GitHub: https://github.com/yanamalamunireddy-web/Secure-and-Resilient-Cyberattack-Detection-in-ICS-Networks.git
