◉ ACTIVE RESEARCH

ML-Based IDS/IPS for ROS2 Autonomous Unmanned Ground Vehicle UGV Cybersecurity & Artificial Intelligence

A unified, machine learning-based IDS/IPS framework for ROS2-based UGV platforms. A critical contribution is a rigorous empirical evaluation of four ML approaches — Logistic Regression, Isolation Forest (broken baseline), Isolation Forest (corrected), and Random Forest — applied to two primary cyber-physical datasets (ROSpace, TON_IoT Modbus) with extended validation across four additional CIC-IDS2017 and UNSW-NB15 datasets, including a class imbalance case study. Random Forest achieves 91.7% accuracy on TON_IoT and 100% on ROSpace; unsupervised approaches reach only 50–72%.

Random Forest · Isolation Forest · ROS2 Humble · Dual-Model Architecture · NIST CSF 2.0 · IEC 62443 · STRIDE · Python 3.11 · Logistic Regression · ROSpace Dataset · TON_IoT Modbus · CIC-IDS2017 · UNSW-NB15 · Cyber-Physical Systems
ROSpace Accuracy: 100%
TON_IoT RF Accuracy: 91.7%
ML Approaches Compared: 4
Datasets Evaluated: 6
Datasets: ROSPaCe · TON_IoT (UNSW) · CIC-IDS2017 · UNSW-NB15
Models Tested: 4 ML Approaches
Status: Submitted to IEEE · 2026
01 — System Design
Unified Architecture Framework
A four-layer cross-domain monitoring system with embedded ML inference and autonomous IPS enforcement — designed for zero-human-intervention operation on robotic platforms.
SYSTEM ARCHITECTURE — TOP-DOWN DATA FLOW
🖥️  OS Layer — Process & System Telemetry
⚙️  ROS2 Middleware — Topic & Node Monitoring
🌐  Network Layer — Traffic Analysis
🔒  Physical Layer — Tamper & Sensor Signals
▼ Feature Extraction · Normalization · StandardScaler ▼
🧠  ML Detection — Random Forest (primary) + Isolation Forest (fallback)
▼ Cross-Layer Correlation Engine ▼
🛡️  IPS Response — Block · Alert · Isolate · Stop
OS + ROS2 Monitoring
Continuous telemetry from OS processes, ROS2 node communication, and network interfaces — capturing CPU, memory, topic message rates, and traffic behavior simultaneously across all subsystems.
Dual-Model ML Detection
Random Forest (supervised) serves as the primary model when labeled data is available and learns precise attack patterns across multi-layer telemetry. Isolation Forest (unsupervised) serves as the fallback for zero-day and unlabeled environments.
Correlation Engine
Multi-layer event correlation aggregates anomaly scores with physical security signals — tamper alerts, port violations, wireless anomalies — to assign HIGH/LOW risk levels with full contextual awareness.
Automated IPS
On HIGH-risk: process isolation, ROS2 node blocking, network traffic filtering, and alert generation — all triggered in real time with no human intervention required for time-critical robotic missions.
02 — Execution Pipeline
6-Phase Operational Workflow
01. System Init: Robot activates OS, loads ROS2 middleware, initializes all security monitoring modules
02. Continuous Monitor: Concurrent telemetry from OS, ROS2 topics, network & physical sensors at all times
03. Feature Engineering: Telemetry aggregated, normalized into ML-ready vectors via StandardScaler pipeline
04. Anomaly Detection: Isolation Forest + Autoencoder evaluate behavior and compute layered anomaly scores
05. Risk Classification: Cross-layer correlation assigns HIGH/LOW risk, dramatically reducing false positives
06. IPS Response: Automated mitigation (process isolation, node blocking, iptables filtering, E-stop)
03 — Intelligence Layer
Machine Learning Model Evaluation
Four ML approaches evaluated in strict progression — each iteration motivated by documented failures in the previous one. Results are honest and reproducible (random_state=42, 70/30 stratified split).
Logistic Regression
APPROACH 1 · SUPERVISED BASELINE · FAILED
Simple supervised baseline to test whether linear decision boundaries could separate attack from normal traffic. Failed on TON_IoT because FC1–FC4 Modbus register means differ by less than 1% between classes — no linear boundary can separate them. Partial signal on ROSpace but inadequate recall.
solver: lbfgs · Linear boundary
TON_IoT accuracy: ~52% (near random)
TON_IoT F1: ~52%
ROSpace accuracy: ~81%
ROSpace recall: ~45% (inadequate)
Verdict: Failed — non-linear data
Isolation Forest
APPROACH 2 · UNSUPERVISED · BROKEN BASELINE
Isolation Forest with contamination=0.05 hardcoded. Produced invalid metrics due to three compounding bugs: (1) label encoding failure converting integers to strings — all rows flagged as attacks, TN=0; (2) label column leaked into feature matrix; (3) contamination=5% vs actual 51.8% attack rate — model physically cannot detect most attacks.
n_estimators: 100 · contamination: 0.05 (wrong)
TON_IoT accuracy: 4.5% (invalid)
TON_IoT precision: 100% (false — TN=0)
TON_IoT recall: 4.5% — TN=0
Verdict: Invalid — 3 implementation bugs
Isolation Forest
APPROACH 3 · UNSUPERVISED CEILING · ALL BUGS FIXED
All three bugs corrected: integer labels used directly, label column excluded from features, contamination derived from actual training attack ratio. Reveals the true unsupervised ceiling — near-random on TON_IoT because attack and normal Modbus register distributions are statistically identical (mean diff < 1%). On ROSpace, flags only 29% of attacks.
n_estimators: 200 · contamination: dynamic · Unsupervised
TON_IoT accuracy: 50.0%
TON_IoT F1: 51.1%
ROSpace accuracy: 72.7%
ROSpace F1: 29.2% (misses 70.7% of attacks)
Verdict: Unsupervised ceiling — insufficient
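The three bugs listed for Approach 2, and the fixes applied in Approach 3, can be checked before any model is trained. The following is an added example, not the project's code: the `label` column name, the finding names and the sample rows are assumptions constructed here, and the 0.5 clamp reflects scikit-learn's documented range for the Isolation Forest `contamination` parameter.

```python
# Added example: pre-training audit for the three bugs described above.
# The "label" column name and the sample rows are constructed.
FEATURES = ["FC1_Read_Input_Register", "FC2_Read_Discrete_Value",
            "FC3_Read_Holding_Register", "FC4_Read_Coil"]


def derive_contamination(labels, ceiling=0.5):
    """Contamination from the training attack ratio (labels are 0/1 ints).

    scikit-learn's IsolationForest only accepts floats in (0, 0.5], so a
    ratio above 0.5 (TON_IoT is 51.8% attack) has to be clamped.
    """
    ratio = sum(labels) / len(labels)
    if ratio <= 0:
        raise ValueError("no attack rows in training data")
    return min(ratio, ceiling)


def audit(rows, feature_cols, label_col, contamination, tolerance=0.05):
    """Return a list of findings; an empty list means safe to train."""
    findings = []
    labels = [row[label_col] for row in rows]
    # Bug 1: labels converted to strings instead of staying 0/1 integers.
    if any(type(y) is not int for y in labels):
        findings.append("label-encoding")
    # Bug 2: the label column is fed to the model as a feature.
    if label_col in feature_cols:
        findings.append("label-leakage")
    # Bug 3: hardcoded contamination far from the real attack rate.
    try:
        target = derive_contamination([int(y) for y in labels])
    except ValueError:
        return findings + ["contamination-unverifiable"]
    if abs(contamination - target) > tolerance:
        findings.append("contamination-mismatch")
    return findings


def sample_rows(n_attack=518, n_normal=482, as_strings=False):
    """Constructed rows with a 51.8% attack rate, as in TON_IoT."""
    rows = []
    for i in range(n_attack + n_normal):
        y = 1 if i < n_attack else 0
        row = {name: 100 + (i * 7 + k) % 13 for k, name in enumerate(FEATURES)}
        row["label"] = str(y) if as_strings else y
        rows.append(row)
    return rows
```

Calling `audit(sample_rows(as_strings=True), FEATURES + ["label"], "label", 0.05)` reproduces the broken baseline's configuration and reports all three findings.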
Random Forest
APPROACH 4 · SUPERVISED · FINAL PRODUCTION MODEL
Ensemble of decision trees trained on labeled data. Learns joint feature patterns separating attack from normal — no assumption about feature distributions. Transformative results on both datasets. Top ROSpace features: OS memory metrics (pgfree, nr_inactive_file, pgactivate). TON_IoT: all four FC columns contribute ~25% each, exploiting subtle joint patterns invisible to Logistic Regression and Isolation Forest.
Supervised · AUC-ROC 0.974 / 1.000 · Production model
TON_IoT accuracy: 91.7%
TON_IoT F1 / Recall: 91.9% / 91.0%
ROSpace accuracy: 100.0%
ROSpace F1 / Recall: 99.9% / 99.8%
Verdict: Production — decisively superior
Dual-Model Deployment Strategy
ADAPTIVE ARCHITECTURE — LABEL-AWARE SELECTION
PRIMARY (labeled env):
Random Forest — max accuracy, feature importance, label-pattern learning
FALLBACK (unlabeled env):
Isolation Forest — zero-day capability, no labels required, statistical outlier detection
04 — Empirical Results
Model Performance & Comparison
All four ML approaches evaluated on both primary datasets. Full confusion matrix counts reported — Accuracy alone is insufficient for IDS evaluation. F1, Recall, and TP/TN/FP/FN are primary indicators.
ROSpace RF Accuracy: 100% · Precision 100% · Recall 99.8% · F1 99.9%
TON_IoT RF Accuracy: 91.7% · Precision 92.9% · Recall 91.0% · F1 91.9%
AUC-ROC (ROSpace): 1.000 · Near-perfect discrimination
AUC-ROC (TON_IoT): 0.974 · Strong — genuine data challenge
◈ TABLE 11 — ALL FOUR APPROACHES COMPARATIVE SUMMARY
Approach | Algorithm | Mode | TON_IoT Acc. | TON_IoT F1 | ROSpace Acc. | ROSpace F1 | Status
Approach 1 | Logistic Regression | Supervised | ~52% | ~52% | ~81% | ~49% | Failed — linear boundary
Approach 2 | Isolation Forest (bugs) | Unsupervised | 4.5% | 8.6% | 49.7% | 66.4% | Invalid — 3 bugs (TN=0)
Approach 3 | Isolation Forest (fixed) | Unsupervised | 50.0% | 51.1% | 72.7% | 29.2% | Unsupervised ceiling
Approach 4 | Random Forest ✓ | Supervised | 91.7% | 91.9% | 100.0% | 99.9% | PRODUCTION
RANDOM FOREST — ROSpace Confusion Matrix
(rows: actual, columns: predicted) | PRED: Normal | PRED: Attack
ACTUAL: Normal | 7,271 (TN) | 0 (FP)
ACTUAL: Attack | 4 (FN) | 1,725 (TP)
Metric | Value | Note
Accuracy | 100.0% | Near-perfect
Precision | 100.0% | Zero false alarms
Recall | 99.8% | 1,725 / 1,729 caught
F1 Score | 99.9% | Excellent
AUC-ROC | 1.000 | Perfect discrimination
RANDOM FOREST — TON_IoT Modbus Confusion Matrix
(rows: actual, columns: predicted) | PRED: Normal | PRED: Attack
ACTUAL: Normal | 4,166 (TN) | 334 (FP)
ACTUAL: Attack | 437 (FN) | 4,395 (TP)
Metric | Value | Note
Accuracy | 91.7% | 9,332 test rows
Precision | 92.9% | Strong
Recall | 91.0% | 4,395 / 4,832 caught
F1 Score | 91.9% | Balanced
AUC-ROC | 0.974 | Genuine data challenge
RF Feature Importance — ROSpace Dataset
pgfree (memory reclaim): HIGH
nr_inactive_file: HIGH
pgactivate: HIGH
nr_active_file / Active: MED
nmap discovery causes characteristic OS memory allocation changes — RF detects this pattern
RF Feature Importance — TON_IoT Modbus Dataset
FC3_Read_Holding_Register: 25.0%
FC2_Read_Discrete_Value: 24.7%
FC4_Read_Coil: 24.7%
FC1_Read_Input_Register: 24.4%
Equal contribution — RF exploits subtle joint register patterns invisible to Logistic Regression + Isolation Forest
05 — Methodological Finding
Class Imbalance Case Study
CIC-IDS2017 Thursday Infiltration dataset — extreme class imbalance demonstrates why reporting Accuracy alone is dangerously misleading in IDS evaluation.
CIC-IDS2017 INFILTRATION DATASET STATS
Total records: 288,602
Attack records: 36
Attack rate: 0.013%
Training attacks: 6
RF trained on 50,000 rows of which only 6 are attack instances — insufficient to learn reliable decision boundaries. The model recognises attacks are rare but cannot generalise robustly.
THE ACCURACY PARADOX — OBSERVED METRICS
Metric | Value | Interpretation
Accuracy | 100.0% | Misleading
Precision | 100.0% | Correct — no false alarms
Recall | 27.3% | Only 3 of 11 attacks caught
F1 Score | 42.9% | True measure of imbalance
TP / TN / FP / FN | 3 / 86,570 / 0 / 8 | Full matrix counts
Key principle: 100% Accuracy achieved by predicting majority class. Recall of 27.3% and F1 of 42.9% are the honest metrics — not system failure, but data reality with 6 training attack examples.
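The accuracy paradox is easiest to see by recomputing the metrics from the confusion counts and comparing them with a detector that never raises an alert. This is an added example, not the paper's code: it uses the three Random Forest confusion matrices reported on this page, and the function names are illustrative.

```python
# Added example: metrics from confusion counts vs. a majority-class baseline.
# Counts are the three Random Forest confusion matrices reported on this page.
MATRICES = {
    "ROSpace": dict(tp=1725, tn=7271, fp=0, fn=4),
    "TON_IoT Modbus": dict(tp=4395, tn=4166, fp=334, fn=437),
    "CIC-IDS2017 Infiltration": dict(tp=3, tn=86570, fp=0, fn=8),
}


def safe_div(num, den):
    """Division that returns 0.0 when the denominator is zero."""
    return num / den if den else 0.0


def metrics(tp, tn, fp, fn):
    """Accuracy, precision, recall and F1 from raw confusion counts."""
    precision = safe_div(tp, tp + fp)
    recall = safe_div(tp, tp + fn)
    return {
        "accuracy": safe_div(tp + tn, tp + tn + fp + fn),
        "precision": precision,
        "recall": recall,
        "f1": safe_div(2 * precision * recall, precision + recall),
    }


def always_normal(tp, tn, fp, fn):
    """Counts for a detector that never alerts, scored on the same data."""
    return dict(tp=0, tn=tn + fp, fp=0, fn=tp + fn)


def report(matrices=MATRICES):
    """Per dataset: model metrics plus the accuracy gained over the baseline."""
    out = {}
    for name, counts in matrices.items():
        model = metrics(**counts)
        baseline = metrics(**always_normal(**counts))
        model["baseline_accuracy"] = baseline["accuracy"]
        model["accuracy_gain"] = model["accuracy"] - baseline["accuracy"]
        out[name] = model
    return out


if __name__ == "__main__":
    for name, m in report().items():
        print(name, {k: round(100 * v, 2) for k, v in m.items()})
```

On the Infiltration counts the never-alert baseline lands within 0.01 percentage points of the model's accuracy, while recall stays at 27.3%; on TON_IoT the same baseline is close to 48% accurate.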
◈ TABLE 13.6.4 — CROSS-DATASET: ATTACK RATE vs. DETECTION PERFORMANCE
Dataset | Attack Rate | Attacks in Test Set | RF Recall | RF F1 | Detection Feasibility
ROSpace UGV | 19.2% | 1,729 | 99.8% | 99.9% | Excellent
TON_IoT Modbus | 51.8% | 4,832 | 91.0% | 91.9% | Strong
UNSW-NB15 | 20.2% | 26,668 | 98.6% | 98.5% | Excellent
CIC-IDS2017 DDoS | 56.7% | 38,407 | 100% | 100% | Excellent
CIC-IDS2017 PortScan | 55.5% | 47,679 | 100% | 100% | Excellent
CIC-IDS2017 Infiltration | 0.013% | 11 | 27.3% | 42.9% | Limited — class imbalance
Pattern: datasets with attack rates above 19% yield Recall >91% and F1 >91.9%. Infiltration dataset (0.013%) yields 27.3% Recall — not framework failure, insufficient training attack instances.
06 — Research Publication
IEEE Paper Contributions
Key technical contributions and literature positioning from the submitted IEEE paper on ML-Based IDS/IPS for ROS2 Autonomous UGVs.
KEY DETAILS
C1: Unified multi-layer IDS/IPS framework for ROS2 UGVs integrating OS, middleware, network, and physical-layer monitoring within a single embedded architecture
C2: Rigorous empirical comparison of 4 ML approaches showing supervised learning (Random Forest) is decisively superior — 91.7% on TON_IoT and 100% on ROSpace vs 50–72% for unsupervised
C3: Documentation of 3 critical ML implementation bugs (label encoding failure, label leakage, contamination mismatch) — a methodological lesson for cyber-physical IDS evaluation
C4: Dual-model architecture: Random Forest for labeled environments (max accuracy), Isolation Forest fallback for unlabeled/zero-day environments — practical deployment across varied operational conditions
C5: Class imbalance case study (CIC Infiltration, 0.013% attack rate) demonstrating the accuracy paradox — establishing that F1 and Recall, not accuracy alone, are the valid IDS quality indicators
TABLE 12 — KNOWN LIMITATIONS
Limitation | Category | Impact
Limited Modbus features | Data/ML | 91.7% accuracy ceiling on TON_IoT
Simulated physical sensors | Hardware | Not validated on real hardware
Single attack type (ROSpace) | Data | May not generalize to diverse ROS2 attacks
Labels required for RF | ML | Cannot operate without training labels
No real robot deployment | System | Simulation only — RPi4 deployment pending
"The dual-model architecture — Random Forest for labeled datasets, Isolation Forest for unlabeled environments — provides a practical framework for deployment across varied operational conditions."
— Conclusion
07 — Standards
Regulatory Compliance Alignment
CYBERSECURITY FRAMEWORK
GOVERN — Risk classification policy
IDENTIFY — Asset & threat mapping
PROTECT — Multi-layer monitoring
DETECT — Isolation Forest + Autoencoder
RESPOND — Automated IPS mitigation
INDUSTRIAL AUTOMATION SECURITY
System segmentation — zones & conduits
Secure communication monitoring
Defense-in-depth multi-layer architecture
Access control — unauthorized detection
System integrity — file & model protection
IOT SECURITY & PRIVACY GUIDELINES
Device protection — embedded security
Data security — telemetry integrity
Continuous cross-layer monitoring
Risk management — threat identification
Lifecycle security — secure-by-design
08 — Hardware Extension
Ubuntu Linux Deployment
🐧 NEW · Ubuntu 22.04 LTS Deployment Guide
This extension deploys the IDS/IPS framework on native Ubuntu Linux — enabling direct hardware integration with ROS2 robotic platforms and real-time sensor telemetry from physical UGV systems, bridging the gap from simulation to field-ready deployment.
INSTALLATION COMMANDS
# System setup & dependencies
$ sudo apt update && sudo apt upgrade -y
$ sudo apt install python3.11 python3-pip -y
$ pip3 install scikit-learn numpy pandas tensorflow

# ROS2 Humble setup (Ubuntu 22.04)
$ sudo apt install ros-humble-desktop -y
$ source /opt/ros/humble/setup.bash

# Launch IDS/IPS as ROS2 node
$ ros2 run ugv_ids ids_node --ros-args \
    -p model_path:=models/isolation_forest.pkl \
    -p ae_model_path:=models/autoencoder.keras

# Monitor live alerts in real time
$ ros2 topic echo /ids/alerts
$ ros2 topic echo /ids/risk_level
DEPLOYMENT ROADMAP
1. Ubuntu 22.04 + ROS2 Humble: Install native Ubuntu LTS on robot compute unit. Configure ROS2 Humble middleware and establish DDS communication layer across all robot subsystems.
2. IDS Engine as ROS2 Node: Wrap ugv_ids_engine.py into a ROS2 Python node. Subscribe to OS telemetry, ROS2 topic introspection, and network monitoring topics via DDS.
3. Live Hardware Telemetry: Replace simulated inputs with real sensor streams. Integrate /proc filesystem for OS telemetry and libpcap for live network packet capture.
4. Systemd Auto-Start Service: Configure IDS as a systemd service for automatic startup on boot — protection active before any mission begins, with journal logging.
5. Real-Time IPS Enforcement: On HIGH risk: execute iptables rules, kill unauthorized processes, publish emergency stop to /ugv/safety topic within 500ms latency window.
09 — Data Foundation
Evaluation Datasets
Two primary datasets used for model development and selection. Four extended validation datasets confirm framework generalizability across heterogeneous cyber-physical environments and attack distributions.
PRIMARY DATASETS — MODEL DEVELOPMENT & SELECTION
ROSPaCe Dataset
PRIMARY · ROS2 MULTI-LAYER TELEMETRY
29,999 rows · 62 columns. OS memory metrics, TCP network layer, ROS2 communication statistics, MQTT measurements. Two classes: observe (normal, 80.8%) and nmap discovery (attack, 19.2%). High-dimensional feature space with meaningful separation.
PRIMARY DATASET · RF: 100% ACC
TON_IoT (UNSW)
SECONDARY · MODBUS INDUSTRIAL CONTROL
31,106 rows · 8 columns. Four Modbus FC registers (FC1–FC4). Attack types: injection, backdoor, password, XSS, scanning (16,106 rows, 51.8%). Normal: 15,000 rows. Mean register diff <1% between classes — genuine feature separability challenge.
CROSS-DOMAIN VALIDATION · RF: 91.7% ACC
Synthetic Anomalies
GENERATED · CONTROLLED ATTACK INJECTION
Structured attack scenarios injected across all four monitoring layers: CPU spike floods, ROS2 message flooding, SYN floods, and file integrity violations. Enables evaluation of rare but high-impact attack types not covered in baseline datasets. 70/30 train/test split.
ATTACK INJECTION
EXTENDED VALIDATION DATASETS — GENERALIZABILITY TESTING
UNSW-NB15
EXTENDED · NETWORK FLOW · 49 FEATURES
440,044 records · 9 attack categories: Fuzzers, Analysis, Backdoors, DoS, Exploits, Generic, Reconnaissance, Shellcode, Worms. Attack rate: 20.2%. Binary label + 49 features. Realistic hybrid of modern normal and synthetic attack traffic.
RF: 99.4% ACC
CIC-IDS2017 DDoS
EXTENDED · FRIDAY DDoS SUBSET
225,745 rows · 56.7% attack rate. DDoS traffic with high feature separability between attack and normal classes. Validates framework's ability to handle volumetric network attacks with near-perfect detection due to strong class distinction.
RF: 100% ACC
CIC-IDS2017 PortScan
EXTENDED · FRIDAY PORTSCAN SUBSET
286,467 rows · 55.5% attack rate. PortScan traffic with strong feature separability. Validates framework behavior on reconnaissance-type attacks. 100% RF accuracy confirms high feature separability between scan and normal network behavior.
RF: 100% ACC
CASE STUDY
CIC-IDS2017 Infiltration — Extreme Class Imbalance
EXTENDED VALIDATION · STRESS TEST · 0.013% ATTACK RATE
288,602 records, only 36 are Infiltration attacks (0.013% attack rate). Produces 100% Accuracy and 100% Precision but only 27.3% Recall and 42.9% F1 — demonstrating the accuracy paradox and why full confusion matrix reporting is mandatory in IDS evaluation. See Section 05 above for full analysis.
10 — Contributors
Project Team
Hassaan Alrifai: Project · Lead + Architect + Developer
Ryan Tapp: Analyst
Christian Alzate: Analyst
Gagandeep Singh: Analyst
Muhammad S. Khan: Analyst