An Experimental Study of Machine Learning-Based Intrusion Detection for OPC UA over Industrial Private 5G Networks
Song Son Ha, Kunal Singh, Florian Foerster, Henry Beuster, Tim Kittel, Dominik Merli, Gerd Scholl

TL;DR
This study evaluates machine learning-based intrusion detection systems for OPC UA communications over private 5G networks, demonstrating high detection accuracy for various cyberattack scenarios in industrial environments.
Contribution
It provides an experimental analysis of ML-based intrusion detection tailored for OPC UA over private 5G, addressing a gap in understanding attack surfaces and traffic characteristics.
Findings
ML-based IDS achieves high detection accuracy
Effective feature extraction improves detection performance
Demonstrates viability of ML for industrial network security
Abstract
Industrial deployments increasingly rely on Open Platform Communications Unified Architecture (OPC UA) as a secure and platform-independent communication protocol, while private Fifth Generation (5G) networks provide low-latency and high-reliability connectivity for modern automation systems. However, their combination introduces new attack surfaces and traffic characteristics that remain insufficiently understood, particularly with respect to machine learning-based intrusion detection systems (ML-based IDS). This paper presents an experimental study on detecting cyberattacks against OPC UA applications operating over an operational private 5G network. Multiple attack scenarios are executed, and OPC UA traffic is captured and enriched with statistical flow-, packet-, and protocol-aware features. Several supervised ML models are trained and evaluated to distinguish benign and malicious…
Taxonomy
Topics: Smart Grid Security and Resilience · Physical Unclonable Functions (PUFs) and Hardware Security · Software-Defined Networks and 5G
