An Experimental Study of Machine Learning-Based Intrusion Detection for OPC UA over Industrial Private 5G Networks
This addresses security vulnerabilities in industrial automation systems using OPC UA and private 5G, but it is incremental as it applies existing ML methods to a new combination of technologies.
The paper tackled the problem of detecting cyberattacks on OPC UA applications over private 5G networks by training supervised ML models on enriched traffic data, achieving high detection performance for specific attack scenarios.
Industrial deployments increasingly rely on Open Platform Communications Unified Architecture (OPC UA) as a secure and platform-independent communication protocol, while private Fifth Generation (5G) networks provide low-latency and high-reliability connectivity for modern automation systems. However, their combination introduces new attack surfaces and traffic characteristics that remain insufficiently understood, particularly with respect to machine learning-based intrusion detection systems (ML-based IDS). This paper presents an experimental study on detecting cyberattacks against OPC UA applications operating over an operational private 5G network. Multiple attack scenarios are executed, and OPC UA traffic is captured and enriched with statistical flow-, packet-, and protocol-aware features. Several supervised ML models are trained and evaluated to distinguish benign and malicious traffic. The results demonstrate that the proposed ML-based IDS achieves high detection performance for a representative set of OPC UA-specific attack scenarios over an operational private 5G network.