Feature Engineering for High-Accuracy Discrimination Between TCP SYN and Modbus Query Flooding Attacks in Industrial Cloud Environments
DOI:
https://doi.org/10.29304/jqcsm.2026.18.22980
Keywords:
Network Intrusion Detection, Cloud Security, Industrial Control Systems, Machine Learning
Abstract
In this study, we present an innovative methodology for distinguishing between TCP SYN flood attacks and Modbus query flood attacks in industrial cloud computing environments. We employed advanced feature engineering techniques that focus on the relationship between read and write operations in industrial protocols. A total of 3,528 attack scenarios were analyzed, and 25 distinctive features were extracted, the most prominent being the write packet ratio (67.9% importance in gradient boosting models). The binary classifier demonstrated 97.45% accuracy on new test data, showing balanced performance for both types of attacks. Comparisons between the Random Forest and XGBoost algorithms showed similar effectiveness, despite the different feature importance distributions. The results indicate that protocol operation ratios provide higher discrimination power than traditional motion metrics. These findings provide a practical framework for detecting real-world attacks in industrial cybersecurity systems, while also allowing the feature engineering methodology to be extended to other industrial protocols and additional types of cyberattacks.
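The following is an added example, not code from the paper: a sketch of how protocol-operation ratios such as the write packet ratio can be extracted from one window of Modbus/TCP traffic. The feature definitions, function names and sample windows are assumptions made for illustration; the paper's own 25 features are not listed on this page.

```python
import struct

# Standard Modbus public function codes.
READ_CODES = {1, 2, 3, 4}      # read coils, discrete inputs, holding/input registers
WRITE_CODES = {5, 6, 15, 16}   # write single/multiple coils and registers
SYN, ACK = 0x02, 0x10          # TCP flag bits

def modbus_function_code(payload: bytes):
    """Return the function code of a Modbus/TCP ADU, or None if it is not one."""
    if len(payload) < 8:       # 7-byte MBAP header + 1-byte function code
        return None
    _tid, proto_id, length, _unit = struct.unpack(">HHHB", payload[:7])
    # Protocol id is 0 for Modbus; the length field counts unit id + PDU.
    if proto_id != 0 or length != len(payload) - 6:
        return None
    return payload[7]

def window_features(packets):
    """packets: iterable of (tcp_flags, payload) seen in one time window."""
    total = syn_only = reads = writes = 0
    for flags, payload in packets:
        total += 1
        if flags & SYN and not flags & ACK:
            syn_only += 1      # bare SYN: connection attempt without handshake progress
        fc = modbus_function_code(payload)
        if fc in READ_CODES:
            reads += 1
        elif fc in WRITE_CODES:
            writes += 1
    modbus = reads + writes
    return {
        "syn_ratio": syn_only / total if total else 0.0,
        "modbus_ratio": modbus / total if total else 0.0,
        # Assumed definition: writes over all read/write Modbus requests.
        "write_packet_ratio": writes / modbus if modbus else 0.0,
        "read_packet_ratio": reads / modbus if modbus else 0.0,
    }

def adu(tid, fc, data):
    """Build a constructed Modbus/TCP request for the sample windows."""
    pdu = bytes([fc]) + data
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, 1) + pdu

# Constructed sample windows (not data from the paper); 0x18 = PSH|ACK.
SYN_FLOOD = [(SYN, b"")] * 9 + [(0x18, adu(1, 3, b"\x00\x00\x00\x02"))]
QUERY_FLOOD = [(0x18, adu(i, 3, b"\x00\x00\x00\x0a")) for i in range(8)]
QUERY_FLOOD += [(0x18, adu(9, 6, b"\x00\x01\x00\xff")),
                (0x18, adu(10, 16, b"\x00\x00\x00\x01\x02\x00\x01"))]
```

Feature dictionaries produced per window in this way can be fed to a tree-based classifier; payloads that fail the MBAP consistency check are counted in the totals but not as Modbus operations.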
License
Copyright (c) 2026 Murooj Fadhil Zaiter, Ahmed Saadi Abdullah, Mohammed Mahde Mahmood, Majid Hamid Ali

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.








