Design and Evaluation of a Machine Learning-based Botnet Detection Framework for SCADA Systems in Nigeria
Abstract
Supervisory control and data acquisition (SCADA) systems form the backbone of Nigeria’s critical infrastructure, supporting essential services across the energy, oil and gas, manufacturing, and refining sectors. Increasing interconnectivity via industrial networks and the Internet exposes these systems to sophisticated cyber threats, particularly botnet attacks. Such attacks can disrupt operations, compromise data integrity, and have substantial economic and public safety implications. Traditional signature-based security methods are frequently ineffective against evolving and zero-day attacks, underlining the need for intelligent, adaptive detection solutions. This study presents a machine learning-based botnet detection framework tailored for Nigerian SCADA networks. The framework integrates real-time traffic monitoring, feature engineering, and supervised learning models to identify anomalous and malicious communication patterns. Traffic characteristics such as packet rates, protocol patterns, and flow metrics are identified and examined to improve detection precision and reduce false alarms. Various machine learning algorithms are assessed for their suitability for deployment in real-time, resource-limited SCADA systems. Validation using simulated and real SCADA datasets demonstrates that machine learning models can reliably distinguish normal from malicious traffic, with ensemble and hybrid models showing superior performance. Feature selection further improves computational efficiency without reducing accuracy, supporting practical operational deployment. The study demonstrates the viability of ML-driven botnet detection for strengthening SCADA cybersecurity. It recommends that infrastructure operators adopt adaptive ML-based intrusion detection, continuously retrain models using local traffic, and integrate detection frameworks with national incident response systems. Policymakers should promote standardized SCADA data sharing and capacity-building initiatives to reinforce Nigeria’s overall industrial cybersecurity resilience.