An Enriched RPCO-BCNN Mechanisms for Attack Detection and Classification in SCADA Systems

Providing security to the Supervisory Control and Data Acquisition (SCADA) systems is one of the demanding and crucial tasks in recent days, due to the different types of attacks on the network. For this purpose, there are different types of attack detection and classification methodologies have been developed in the conventional works. But it limits with the issues like high complexity in design, misclassification results, increased error rate, and reduced detection efficiency. In order to solve these issues, this paper aims to develop an advanced machine learning models for improving the SCADA security. This work comprises the stages of preprocessing, clustering, feature selection, and classification. At first, the Markov Chain Clustering (MCC) model is implemented to cluster the network data by normalizing the feature values. Then, the Rapid Probabilistic Correlated Optimization (RPCO) mechanism is employed to select the optimal features by computing the matching score and likelihood of particles. Finally, the Block Correlated Neural Network (BCNN) technique is employed to classify the predicted label, where the relevancy score is computed by using the kernel function with the feature points. During experimentation, there are different performance indicators have been used to validate the results of proposed attack detection mechanisms. Also, the obtained results are compared with the RPCO-BCNN mechanism for proving the superiority of the proposed attack detection system.


I. INTRODUCTION
In the recent days, the Supervisory Control and Data Acquisition (SCADA) [1], [2] is one of the widely used control systems in the industrial sectors like traffic maintenance, electric power generation, nuclear systems, water/waste water treatment oil mining, and space stations. It is highly important to secure the SCADA systems against the attacking activities of malfunctioning and threatening [3]- [5]. The present SCADA systems comprise certain security features (such as user interfaces, communication, and control logic), which helps to increase the system complexity, but maintaining those The associate editor coordinating the review of this manuscript and approving it for publication was Khmaies Ouahada .
features is one the critical task [6]. Moreover, controlling the large amount of data in SCADA systems is highly difficult due to the data loss availability, which makes the architecture is more vulnerable to the attackers. The general communication structure [7] of SCADA systems is depicted in Fig 1, which contains the components of master station unit, subcontrol unit, Programmable Logic Controller (PLC), Remote Terminal Unit (RTU) and Intelligent End Device (IED).
Typically, the attack detection [8]- [10] in SCADA network or mining system is performed based on the dynamic update of data obtained from the network database. In the traditional works, there are different optimization and classification methods [11]- [13] have been developed for attach prediction in SCADA systems. Also, the matching prediction is highly complicated due to the presence of more irrelevant features in the database [14]. Thus, the existing works could use the machine learning techniques [15], [16] for selecting the best matching features between the query data and set of extracted features. The different types of machine learning [2], [17]- [20] techniques used in the conventional works are Support Vector Machine (SVM), Relevance Vector Machine (RVM), Neural Networks (NN), and other deep learning models. In which, the sequence pattern analysis and neural network techniques are widely used for identifying the attacking activities based on the relevant features. Still, it facing the challenges in predicting the accurate class of data with respect to the large amount of node characteristics. In order to solve this problem and to increase the classification accuracy, an improved feature optimization and classification methodologies are implemented in the proposed work. The major objectives behind this work are as follows: • To pre-process the given data by eliminating the irrelevant information and to offer the normalized output data, the Markov Chain Clustering (MCC) mechanism is utilized in the attack detection system.
• To reduce the time complexity of processing the large amount of sensor data with best feature selection, a new optimization technique, named as, Rapid Probabilistic Correlated Optimization (RPCO) is developed.
• To improve the attack classification performance by identifying the best matching features, the Block Correlated Neural Network (BCNN) based classifier is implemented. The remaining sections of this paper are structuralized as follows: the conventional feature optimization and classification techniques related to the SCADA attack detection process are reviewed in Section II. Then, the detailed description about the proposed RPCO-BCNN attack detection and classification system is presented in Section III. The experimental and comparative analysis of both existing and proposed techniques are validated in Section IV. Finally, the overall paper is concluded with its future scope in Section V.

II. RELATED WORKS
This section reviews the conventional feature extraction, optimization, and classification methodologies used for improving the security of SCADA systems. Typically, the SCADA systems [21] are extensively used monitoring and controlling the distribution networks for ensuring the reliability and maintaining the operational cost consumption of network. Due to the increased utilization of SCADA systems [22], it is very challenging task for providing security to these control systems. Also, the reliability and security [23] are the major factors that must be addressed for ensuring the reliability of SCADA networks. The cyber-security [24] is one of the key issue involved in the SCADA systems, because the cyber-attacks could damage the components and performance of controlling system. So, it must be addressed by deploying the proper risk assessment and security mechanisms. This paper [25] intends to detect the malicious activities on the SCADA systems by using the temporal pattern analysis model. It finds the set of temporal patterns and used as the feature vectors for improving the attack recognition performance of classifier. A semi-supervised learning [26] methodology has been utilized to detect the anomalies by increasing the cyber-defense capabilities of SCADA systems. The cyber-physical systems [27] are monitored and controlled with the deployment of SCADA systems, which facilitates an efficient cyber-physical operations against the harmful attacks.
Ghosh and Sampalli [28] presented a comprehensive survey on various security standards and protocol layers used for establishing the secure communication in SCADA systems, where the mechanisms are reviewed under the categories of attack prevention and detection. The SCADA network could face different types of security threats such as data repudiation, loss of integrity, confidentiality, and availability. Moreover, this paper investigates the major security guidelines and crypto suits used in the recent days for SCADA systems. Based on this study, it is analyzed that providing endto-end security and addressing the key management issues are need to be highly concentrated in the SCADA network for an efficient attack detection and prevention processes. In paper [6], the special features are illustrated for improving the security of SCADA systems. For this analysis, the gas pipeline dataset has been utilized to validate the efficiency of the decision tree mechanism. Moreover, the different types of metrics used for the implementation of IDS in SCADA systems are also discussed, which includes application logs, host logs, physical metrics and network traffic Here, the network and payload based feature attributes are mainly considered for classification, in which the network feature set contains five different types of attributes, and payload set contains 12 different attributes. Based on this study, it is observed that the performance of SCADA-IDS systems are highly depends on the set of features used for classification. In paper [9], a clear survey is presented about the different types of security protocols, and threats in SCADA system. Also, it discussed about various communication protocols used in the SCADA systems with its corresponding data rates, maximum distance measures, and topologies.
Ferrag et al. [29] investigated the performance of seven different deep learning mechanisms used for developing a cyber-security IDS, where the dataset selection plays a vital role for the detection of intrusions. For this analysis, around 35 distinct datasets have been utilized for estimating the efficiency and accuracy of deep learning models. Gumaei et al. [4] developed a new security control approach for efficiently detecting the cyber-attacks by the use of correlation based feature selection mechanism. The main intention of using this technique is to improve the attack detection efficiency by removing the irrelevant features. Then, these optimal set of features are used by the Instance based Learning (IBL) classification technique for predicting the cyber-attacks from the dataset. From this work, it is studied that the accuracy and detection performance of IDS is highly depends on the optimal set of features. In work [30], an integrated framework has been developed for detecting anomalies using the cyber-physical systems with the help of Gaussian Mixture Model (GMM) and Kalman Filtering (KF) approach. For this analysis, two different public datasets such as UNSW-NB15 and power system are utilized to assess the performance of suggested framework. Based on this concept, it is analyzed that privacy preservation and anomaly detection are the most essential factors for improving the security of SCADA systems. Khan and Serpen [2] analyzed the impacts of some common threats against SCADA systems such as MPCI, MSCI, DoS, MFCI, Recon, CMRI and NMRI. Here, a binary classification technique is utilized to categorize the normal and attacking classes based on the set of patterns. To validate the performance of the technique, there are different types of datasets have been tested in this work.
Khan et al. [11] developed a hybrid model for automatically predicting the anomalies in SCADA systems by using the reliable feature extraction mechanism. Here, three different feature reduction mechanisms such as Independent Component Analysis (ICA), Principal Component Analysis (PCA), and Canonical Correlation Analysis (CCA) have been utilized to reduce the dimensionality of features for improving the accuracy of intrusion detection and classification.
Krithivasan et al. [31] deployed a hypergraph based CNN model for the detection of cyber-attacks in an Industrial Control System (ICS) with the use of PCA based dimensionality reduction mechanism. The motive of this paper is to minimize the input feature space for eliminating the Geometrical features based on the Helly property of hypergraph, which helps to obtain a reduced false positives and increased precision values. Based on this work, it is analyzed that the uninformative features could degrade the performance of entire attack detection and classification system. For this purpose, the most set of features are selected by using the PCA model and, the optimal feature attributes are fed to the CNN model for predicting the anomalies. Lai et al. [18] intended to extract the critical features by using the CNN for improving the efficiency of attack detection in SCADA systems. Here, the strong correlation between the feature vectors are estimated for the detection of anomalies with the help of feature mapping model. The main concentrations behind this work are ensure the timely attack prediction, to obtain the reduced cost of error, and to improve the ability of imbalanced data handling. From this work, it is studied that the efficiency of attack classification is based on the feature selection and imbalance data processing models. Table 1 presents the survey on various existing techniques used attack detection and classification in SCADA systems, which also discuss about the advantages of disadvantages of each technique.
From this above survey, it is analyzed the attack detection and classification on SCADA systems is highly depends on the features of dataset, which plays a vital role in many SCADA application systems. Also, the entire performance of classification system is based on the set of attributes extracted from the input data. Moreover, the detection efficiency and accuracy are considered as the major measures and extensively used for evaluating the effectiveness of SCADA systems.

III. PROPOSED METHODOLOGY
This section presents the clear illustration about the proposed attack detection and classification mechanisms used for SCADA security. Here, a combination of RPCO-BCNN mechanisms are implemented for accurately detecting the attacks from the given dataset. The novel contribution behind this work is based on the selection of optimal parameters used for improving the security of SCADA network architecture. Here, the RPCO technique is implemented to select the most suitable parameters by reducing the set of features, which helps to reduce training time of classifier. The major parameters considered during this process are entropy, output weights of sensors, energy properties, trust ratings, Lebesgue measure, probability density of sequence, overall power, likelihood ratio, average sigma parameter, and amount of packets transmitted. Based on the optimized set of features, the BCNN classification technique accurately predicts the intrusions from the given datasets. Moreover, it separates the dataset into various blocks according to the clustered index obtained from MCC, then it finds the relevancy between the training and testing feature sets. This type of optimal clustering and classification of SCADA dataset can efficiently improves the accuracy of entire system.
The overall flow of the proposed system is depicted in Fig 2, which comprises the following working stages: 1. Preprocessing 2. Feature Selection based optimization 3. Classification  At first, the given input dataset is preprocessed for eliminating the irrelevant information and to perform the attribute labeling process. Then, the cluster points are initialized from the preprocessed dataset for organizing the feature sets. During the dataset training, the RPCO technique is implemented to perform the relevancy mapping between the query data and entire dataset. Based on the relevancy level, the best optimal features are selected and are given to the input of BCNN classification technique. Then, it predicts the output label as whether normal or abnormal by estimating the matching score of the correlated blocks. The major benefits of the proposed RPCO-BCNN techniques are reduced time complexity, accurate detection, ability of handling large datasets, and improved classification performance.

A. PREPROCESSING
Typically, the value of the raw dataset should be improved because that has the strong influence on determining the overall performance of the SCADA systems. At first, the original SCADA network input dataset is preprocessed for manipulating the data based on the concepts of normalization, balancing, segmentation, and removal of irrelevant information. For this purpose, the Markov Chain Clustering (MCC) model is implemented in this work, which performs both the data preprocessing and clustering for improving the quality of data. After loading the dataset, the attribute labeling, initialization of cluster index, and segmentation can be performed for arranging the feature values. In this algorithm, the original network data H D s taken as the input and the clustered network data is obtained as the output. At first, the feature values of the given data can be normalized with respect to the minimum and maximum values as shown in below: where, H N is the normalized dataset, H Dmin indicates the minimum value and H Dmax represents the maximum value. Then, the features in the normalized data can be arranged based on the number of number of rows and columns in the dataset, which is represented as follows: where, m and n represents the row and column size of feature set respectively. Consequently, the distance D i between the particles F i e computed as shown in below: Consequently, the weight value ωf the MARKOV model is estimated for the normalized data based on the distance computation.
If the present weight value is greater than the previous one, the grouping can be performed. The algorithmic steps involved in the MCC clustering technique are illustrated as follows:

B. RPCO OPTIMIZATION
Typically, the data points of the feature vectors are not in a complete form, which leads to a misclassified results at the Algorithm I -MCC Clustering Input: Network Data H D Output: Clustered Network Data T D Step 1: Normalize the feature value of input network data by using equation (1).
Step 2: The features in the normalized data can be arranged by using equation (2). Step 3: Estimate the distance between particles as shown in equation (3).
Step 4: Calculate weight value of Markov model using equation (4).
If ω (i) < ω (i + 1)() then time of classification. So, it must be solved by implementing an optimization technique for selecting the most suitable features. Thus, the RPCO mechanism is designed in this work, which helps to improve the classification accuracy by selecting the best feature attributes from the input set of input feature vectors. The main motive of using this technique is to extract the optimal set of features from the preprocessed data based on the best parameter selection process. The different types of parameters considered in this work are 1. Entropy 2. Output weight of sensors 3. Energy properties 4. Trust ratings 5. Lebesgue measure 6. Probability density of sequence 7. Overall power 8. Average sigma 9. Amount of packets transmission 10. Likelihood ratio In this mechanism, different parameters have been optimally selected and its fitness functions are computed for improving the convergence speed of each and every iteration. These attributes are used to simplify the process of classifier and training and testing with reduced computational complexity. Also, it helps to obtain an improved accuracy by integrating the objective functions with the selected feature attributes.
After pre-processing, the optimal set of features are selected from the training dataset by using the RPCO mechanism. The intention of implementing this optimization technique is to reduce the number of input features based on the fitness function. In which, the learning features have been computed with respect to the weight and distance values. The major benefit of using this technique is, it evaluates the separate data features that are related to each class. The clustered network data TD is given as the input for this technique, and it provides the optimal selection of attributes T D (s)s the output. Here, the m number of particles x are initialized with the weight value of ω i which is computed as follows: where, ω i (n) represents the weight value of particles for i th iteration, and P n i indicates the potential of particle as represented as below: After finding the potential, the likelihood of the particles L m 1:i re estimated by using the following equation: Consequently, the weight value of each particle is updated based on the following: Then, the particle updating is performed as follows: After that, the maximum likelihood m * i and fitness values ω * i (n) re computed for the updated particles with respect to the weight value, which are represented as follows: Based the maximum likelihood, the coordinates particles are updated with the best fitness value. Fig 3 shows the convergence plot of RPCO based feature selection process, where the fitness is evaluated with respect to different iterations.

C. BCNN CLASSIFIER
During the attack classification process, the optimally selected features are given to both the training and testing dataset. For this purpose, the BCNN technique is designed in this work, which works based on the concept of NN algorithm. Also, this technique contains three operating layers such as input layer, hidden layer, and output layer. In which, the input layer accepts the selected features as the input data, and the classification processes are carried out in the hidden layer. Finally, the predicted class of label is produced as the result in the output layer. Based on the parameters of RPCO mechanism, the feature attributes are obtained and integrated as an objective function of optimization, which is used to improve the overall efficiency of classification. The novelty of this technique is, it separates the blocks of information for processing the given datasets, which is highly related to Algorithm II -RPCO Based Optimization Input: Clustered Network Data T D Output: Optimal selection of attributes T D (s) Step 1: For i 1 to M //Loop run for 'M' number of iteration.
Step 2: Initialize particles 'x'd the weight value 'ω i ' //'m' represents the number of particles Step 3: Compute the weight value ω i (n)f particles for i th iteration by using equation (5), and its potential of particles are defined as shown in equation (6).
Step 4: Estimate the likelihood of the particles by using equations (7) and (8).
Step 8: Find maximum fitness value by using equation (12).
Step 9: If (m * i > m * i−1 ) then Update coordinated of particles and get best fitness value If (L m 1:i ) > 0, then the parallel processing structure. So, it has the ability to process the large dimensional datasets in the form of correlated blocks by estimating the maximum correlation efficiency. Due to this process, the accuracy of classification has been increased with reduced number of features. Then, the BCNN technique utilize these optimally selected feature attributes for classifying the intrusions from the given datasets with high accuracy and efficiency. Also, it provided the benefits of high reliability, reduced computational complexity, and improved detection performance. After selecting the most suited features, the training set T D (s) can be given as the input for classification, and the classified result V (k) is obtained as the output. In this stage, the feature properties can be initialized based on the sequential order as shown in below: Then, the input data sequences are arranged in the matrix format at the input layer of the network for separating the blocks, which is represented as follows: Sequentially, the correlation features of each block are computed in order to arrange the matrix as represented as follows: where, 'T ' and 'T m ' represents the attribute values of matrix X D (s) Then, the kernel model of classifier is constructed with respect to the range of feature distance r and length of feature vector l which is illustrated based on the following model: Then, the relevancy level is estimated based on the kernel function with its corresponding feature points as shown in below: where, ω n indicates the weight value of attributes and F T is the feature points. Then, the network is constructed by extracting the training features, which is illustrated as follows: Based on the relevancy level, the matching score is computed for the correlated blocks by using the following model: where, the relevance factor Xd b ∈ R (T −T p) M s indicated by, where, P and Q T re the predicted components. Finally, the output predicted label can be represented with the help of distance matrix d ij and relevance matrix R values. The major advantages of the proposed RPCO-BCNN based IDS are listed as follows: 1. It provides an increased attack detection efficiency and accuracy by extracting the most suited feature attributes based on the optimal selection of parameters. 2. It increases the convergence speed of optimization by evaluating the fitness function for the specified attributes. 3. It has the ability to handle large dimensional datasets by splitting it into different types of blocks. Then, it parallelly processing these blocks based on the maximum correlation estimation.
Algorithm III-BCNN Classification Input: Training set T D (s) Output: Classified Result V (k) Step 1: The input series are arranged in the sequential as shown in equation (13) Step 2: In the input layer of neural network, the data sequence can be formed as the matrix based on equation (14) Step 3: Form the matrix arrangement, the block correlation feature can be estimated by F X D (s) .X * D (s) which is represented in equation (15).
Step 4: Estimate the kernel model of classifier by using equation (16).
Step 5: Estimate the relevancy using kernel function with feature points based on equations (17) and (18).
Step 6: Extract the training features and form the network by using equations (19) and (20).
Step 7: Estimate the matching score for the correlated blocks by using equations (21) and (22).

Step 8:
The predicted label can be provided as the output shown in equation (23). 4. It obtains high accuracy in attack detection by utilizing the optimal features for classification. 5. It consumes reduced amount of time due to the parallel processing of blocks.

IV. RESULTS AND DISCUSSION
This section evaluates the performance and analysis of both existing and proposed attack detection mechanisms by using various performance measures. It includes ROC analysis, False Negative Rate (FNR), Error Rate (ER), precision, recall, and F1-measure. Table 2 describes the different types of datasets used in this work for evaluating the performance of proposed system. Here, the real time dataset, named as, Cyber-Physical Model is taken for evaluating the performance of the proposed mechanism. This dataset details are presented in  Table 3 with the information of different attacks, description, number of samples, and number of attacking samples. It contains the information related to the series of real world attacks on SCADA system like cyber-attack against the Ukrainian power grid. In addition to that, some other existing datasets such as ICS network traffic dataset [33], real vehicle dataset [34], CSE-CIC-IDS 2018, and Bot-IoT [29] are also used to test and compare the performance of the proposed technique.
For the Cyber Physical model dataset, the confusion matrix has been defined for both existing and proposed techniques with respect to the different types of attacks as shown in Table 4 and Table 5. From the analysis, it is clear that the proposed RPCO-BCNN technique provides the reduced FPs and FNs by accurately predicting the attacks from the real time dataset. The values are comparatively improved than the existing method, because the optimal parameter selection based feature attributes extraction helps to improve the accuracy of classification approach.
Then, the real vehicle dataset contains the logging information of network traffic and injected fabricated messages. Table 6 presents the total number of normal and injected messages with respect to different types of attacks such as DoS attack, fuzzy attack, gear spoofing and RPM. Typically, the DoS attack intends to damage the availability of normal   network operations. Then, the fuzzy attack is more similar to the DoS attack, but it performs malfunctioning on the vehicles. Similarly, the gear and RPM spoofing attacks contains the messages related to the drive gear and RPM gauge, which affects the instrument panel. Table 7 and 8 depicts the confusion matrix of both existing DCNN and proposed RPCO-BCNN techniques with respect to five different types of attacks represented in Dataset 2. Here, the confusion matrix is formed to analyze the accuracy of classifier based on the differential ratio of the sum of values mentioned in the diagonal matrix with respect to the values in other side. Moreover, the overall efficiency and accuracy of the attack detection system can be determined based on the confusion matrix. Here, the matrix is constructed for both existing and proposed techniques based on the detection of number of attacks in the entire dataset 2. From the evaluation, it is evident that the RPCO-BCNN technique exactly detects the types of attacks from the dataset, when compared to the conventional DCNN technique.    varying TPR and FPR values. Here, the ROC is evaluated for each attack mentioned in the vehicle dataset. Generally, the ROC can be estimated to validate the performance of classification technique with respect to varying threshold values. From the results, it is analyzed that the RPCO-BCNN technique outperforms the DNN technique by providing an improved results for all types of attacks. Table 4 and Fig 9 compares the existing and proposed attack detection methodologies based on the measures of sensitivity, specificity, precision, F1-measure, and Matthews Correlation Coefficient (MCC). Typically, the sensitivity is defined based on the ratio of the number of TP rate and the value of TP with FN. Similarly, the specificity is defined by the ratio of VOLUME 9, 2021   the TN and TN with FP, which are illustrated as follows:  Moreover, the measures of precision, recall, MCC and F1 score are used to determine that how the classifier could actually predict the accurate values during the attack detection process. The sensitivity is also termed as recall, and the other measures are calculated as follows (26)- (31), as shown at the bottom of the next page, where, TP indicates the True Positive, TN represents the True Negative, FP defines the False Positive, and FN represents the False Negative. Table 9 compares the accuracy, detection rate and f1-score of both existing and proposed intrusion detection approaches used in the SCADA security systems, which includes the existing techniques of decision tree, boosted decision, decision jungle, and risk assessment model. From the evaluation, it is observed that the RPCO-BCNN technique outperforms the other techniques by accurately detecting the intrusions from the given dataset based on the optimal number of feature selection and classification process. This shows the overall effectiveness of the proposed technique, when compared to the other existing techniques.

C. OVERALL PERFORMANCE EVALUATION
Moreover, the relevancy level of actual and predicted class labels can be estimated based on the classified outcomes, which ensures an improved performance of the proposed technique with reduced training level. From Table 10, it is evident that the RPCO-BCNN technique provides an increased sensitivity, specificity, precision, f1-score, kappa coefficient and MCC values, when compared to the DNN technique. Because, the clustering based optimization technique helps  the classifier to accurately predict the attacks as normal or malicious.
Moreover, the overall effectiveness of the attack detection mechanism is highly depends on the measure of accuracy. It is calculated based on the percentage of accurately detected flows with respect to the total number of predictions as shown in below: techniques. This result indicated that the proposed technique provides an increased accuracy value, when compared to the other techniques by estimating the matching score based on the number of trained features.
Moreover, the error rate Fig 12 represents the error rate and FPR of existing DNN and proposed RPCO-BCNN techniques, which are calculated as follows: Error rate = 1 − Overall accuracy (34) In which, the increasing value of TPR ensures an improved accuracy, and the FPR is inversely proportional to TPR. The lowest FPR confirms the reduced error rate of classifier with misclassified results. Then, these results indicated that the proposed RPCO-BCNN outperforms the DNN technique with reduced error rate and FPR values.

D. DETECTION EFFICIENCY
The measure of detection rate is used to estimate the attack identification efficiency of the classification technique. In Fig 13 and Table 11, the detection efficiency of both existing [11] and proposed classification techniques are evaluated   Table 12 and Fig 14 shows the kappa-coefficient of both existing and proposed classification techniques, which is one of the extensively used measure for testing the exactness of classifier and is estimated as follows: Based on this analysis, it is evident that the RPCO-BCNN technique outperforms the other techniques with increased kappa coefficient.        any classification technique is highly depends on the measures of accuracy, precision, recall and f-measures. From the results, it is evident that the RPCO-BCNN technique offers an increased performance rate (around 99%), when compared to the other techniques. Because, the RPCO technique optimally selects the attributes based on the estimation of maximum likelihood and fitness function, which helps to improve the overall performance of the classification system.     Table 16 compares the existing and proposed classification techniques based on the different measures of precision, recall, F1-score, error rate and FNR. Also, various classification techniques compared in this analysis are reduced inception-ResNet, LSTM (256 hidden units), ANN (2 hidden layers), Support Vector Machine (SVM), k-Nearest Neighbour (kNN) k = 5, Naïve Bayes (NB), and Decision Tree (DT). Based on these results, it is clear that the proposed RPCO-BCNN technique provides an increased precision, recall, F1-score and, reduced FNR and error rate, which VOLUME 9, 2021 shows the overall efficacy of the proposed attack classification system. Table 17 evaluates the average classification accuracy of the existing [10] and proposed classification techniques with respect to the average and standard deviation measures. From the results, it is concluded that the RPCO-BCNN technique performs better than the other methods with increased training and testing values.

V. CONCLUSION
This paper proposed an advanced RPCO-BCNN mechanisms for accurately detecting and classifying the attacks in the SCADA systems. The main intention of this work is to provide an optimal solution for detecting the abnormal activities in the network architecture. Then, this objective is attained by applying the data clustering and feature selection models. Here, the MCC clustering technique is utilized to preprocess the input dataset by eliminating the noise contents and cluster the attribute labels. Then, the RPCO based feature selection mechanism is implemented to compute the best fitness function based on the weight value of each particle. Consequently, the BCNN technique is deployed to classify the predicted label as attack or non-attack based on the set of selected features. The main advantage of this work is, it selected the best suited features with reduced computational time. Also, the performance of this model is validated by using two different datasets such as ICS network traffic data, and real time vehicle dataset. The various evaluation metrics used in this analysis are sensitivity, specificity, accuracy, precision, f1-score, error rate, kappa-coefficient, and FPR. In addition to that, the obtained values of the proposed RPCO-BCNN is compared with some other conventional classification techniques. From the results, it is proved that the RPCO-BCNN technique outperforms the other technique with improved detection efficiency and overall performance. In future, this work can be extended by implementing a deep learning model for increasing the security of SCADA systems.
In future, this work has been extended by implementing a new prototype model for analyzing the different types of SCADA networking datasets. Also, an advanced risk assessment strategy can be employed for differentiating the different types of attacks by optimally tuning the parameters.
THANIKANTI SUDHAKAR BABU (Senior Member, IEEE) received the B.Tech. degree from Jawaharlal Nehru Technological University, Anantapur, India, in 2009, the M.Tech. degree in power electronics and industrial drives from Anna University, Chennai, India, in 2011, and the Ph.D. degree from VIT University, Vellore, India, in 2017.
He is currently working as an Associate Professor with the Department of Electrical Engineering, Chaitanya Bharathi Institute of Technology (CBIT), Hyderabad, India. He had completed his Postdoctoral Researcher Fellowship from the Institute of Power Engineering, Universiti Tenaga Nasional (UNITEN), Malaysia. Before to that, he was worked as an Assistant Professor at the School of Electrical Engineering, VIT University. He has published more than 80 research articles in various renowned international journals. His research interests include the design and implementation of solar PV systems, renewable energy resources, power management for hybrid energy systems, storage systems, fuel cell technologies, electric vehicles, and smart grids. He has been acting as an Associate Editor of IET RPG, IEEE ACCESS, ITEES (Wiley), Frontiers in Energy Research, a Section Editor of Energies and Sustainability (MDPI Publications), and a reviewer for various reputed journals.
HASSAN HAES ALHELOU (Senior Member, IEEE) was with the School of Electrical and Electronic Engineering, University College Dublin, Ireland. He is currently with Tishreen University, Syria. He has participated in more than 15 industrial projects. He has published more than 160 research articles in high-quality peer-reviewed journals and international conferences. He is included in the 2018 Publons list of the top 1% best reviewer and researchers in the field of engineering in the world. His research interests include power system operation, power system dynamics and control, smart grids, microgrids, demand response, and load shedding. He was a recipient of the Outstanding Reviewer Award from many journals, such as Energy Conversion and Management (ECM), ISA Transactions, and Applied Energy. He was also a recipient of the Best Young Researcher in the Arab Student Forum Creative among 61 researchers from 16 countries at Alexandria University, Egypt, in 2011. He has performed more than 800 reviews for high prestigious journals, including IEEE TRANSACTIONS ON