A Hybrid Machine Learning Approach for Cyberattack Detection and Classification in SCADA Systems: A Hydroelectric Power Plant Application

SCADA systems, widely used in critical infrastructure, are becoming increasingly vulnerable to complex cyber threats, which can compromise national security. This study presents an artificial intelligence-based approach aimed at the early and reliable detection of cyberattacks against SCADA systems. The study physically scaled the SCADA communication architecture of a hydroelectric power plant and created a suitable test environment. In this environment, in addition to the benign normal state, attack scenarios such as Man-in-the-Middle (MITM), Denial-of-Service (DoS), and Command Injection were implemented while the process created for the system’s operation was running continuously. While the scenarios were being implemented, the SCADA system was monitored, and network data flow was collected and stored for later analysis. Basic machine learning algorithms, including KNN, Naive Bayes, Decision Trees, and Logistic Regression, were applied to the obtained data. Also, different combinations of these methods have been tested. The analysis results showed that the hybrid model, consisting of a Decision Tree and Logistic Regression, achieved the most successful results, with a 98.29% accuracy rate, an Area Under the Curve (AUC) value of 0.998, and a reasonably short detection time. The results demonstrate that the proposed approach can accurately classify various types of attacks on SCADA systems, providing an effective early warning mechanism suitable for field applications.