Machine Learning (ML)-Based Cyber Threat Modelling for Industrial Control Systems in Critical Infrastructure
DOI:
https://doi.org/10.21590/ijtmh.2023090208
Keywords:
Machine Learning; Cyber Threat Modelling; Industrial Control Systems; Critical Infrastructure; SCADA Security; Operational Technology; Anomaly Detection
Abstract
Industrial control systems (ICS) are operational systems that make up the backbone of critical infrastructure such as energy, water, transportation, and manufacturing. The growing integration of operational and information technology has greatly broadened the cyber-attack surface of these systems, exposing them to advanced and persistent threats that conventional rule-based security measures cannot easily stop. Cyber threat modelling using machine learning (ML) has emerged as a promising approach to improving cyber threat detection, analysis, and prediction in ICS environments. This paper analyses the use of ML for cyber threat modelling in critical infrastructure with respect to its capability to detect abnormal behaviour, discover never-before-seen attack patterns, and help motivate earlier risk mitigation. It covers the popular ML paradigms in ICS security, such as supervised, unsupervised, and hybrid learning models, and their application in industrial network structures such as SCADA systems and programmable logic controllers. The main issues associated with data quality, model explainability, real-time application, and operational safety are also discussed. Overall, ML-based cyber threat modelling offers a strategic path to enhancing resilience, situational awareness, and adaptive defense capacity within ICS-driven critical infrastructure.


