{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,24]],"date-time":"2026-04-24T03:42:40Z","timestamp":1777002160958,"version":"3.51.4"},"reference-count":27,"publisher":"MDPI AG","issue":"23","license":[{"start":{"date-parts":[[2022,11,27]],"date-time":"2022-11-27T00:00:00Z","timestamp":1669507200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"SAUDI ARAMCO Cybersecurity Chair, Imam Abdulrahman Bin Faisal University"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>The advent of Industry 4.0 has revolutionized the life enormously. There is a growing trend towards the Internet of Things (IoT), which has made life easier on the one hand and improved services on the other. However, it also has vulnerabilities due to cyber security attacks. Therefore, there is a need for intelligent and reliable security systems that can proactively analyze the data generated by these devices and detect cybersecurity attacks. This study proposed a proactive interpretable prediction model using ML and explainable artificial intelligence (XAI) to detect different types of security attacks using the log data generated by heating, ventilation, and air conditioning (HVAC) attacks. Several ML algorithms were used, such as Decision Tree (DT), Random Forest (RF), Gradient Boosting (GB), Ada Boost (AB), Light Gradient Boosting (LGBM), Extreme Gradient Boosting (XGBoost), and CatBoost (CB). Furthermore, feature selection was performed using stepwise forward feature selection (FFS) technique. To alleviate the data imbalance, SMOTE and Tomeklink were used. In addition, SMOTE achieved the best results with selected features. Empirical experiments were conducted, and the results showed that the XGBoost classifier has produced the best result with 0.9999 Area Under the Curve (AUC), 0.9998, accuracy (ACC), 0.9996 Recall, 1.000 Precision and 0.9998 F1 Score got the best result. Additionally, XAI was applied to the best performing model to add the interpretability in the black-box model. Local and global explanations were generated using LIME and SHAP. The results of the proposed study have confirmed the effectiveness of ML for predicting the cyber security attacks on IoT devices and Industry 4.0.<\/jats:p>","DOI":"10.3390\/s22239235","type":"journal-article","created":{"date-parts":[[2022,11,28]],"date-time":"2022-11-28T08:13:09Z","timestamp":1669623189000},"page":"9235","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":29,"title":["A Proactive Attack Detection for Heating, Ventilation, and Air Conditioning (HVAC) System Using Explainable Extreme Gradient Boosting Model (XGBoost)"],"prefix":"10.3390","volume":"22","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-1002-6178","authenticated-orcid":false,"given":"Irfan Ullah","family":"Khan","sequence":"first","affiliation":[{"name":"SAUDI ARAMCO Cybersecurity Chair, Department of Computer Science, College of Computer Science and Information Technology, Imam Abdulrahman Bin Faisal University, P.O. Box 1982, Dammam 31441, Saudi Arabia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1619-5733","authenticated-orcid":false,"given":"Nida","family":"Aslam","sequence":"additional","affiliation":[{"name":"Department of Computer Science, College of Computer Science and Information Technology, Imam Abdulrahman Bin Faisal University, P.O. Box 1982, Dammam 31441, Saudi Arabia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3406-9693","authenticated-orcid":false,"given":"Rana","family":"AlShedayed","sequence":"additional","affiliation":[{"name":"Department of Computer Science, College of Computer Science and Information Technology, Imam Abdulrahman Bin Faisal University, P.O. Box 1982, Dammam 31441, Saudi Arabia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Dina","family":"AlFrayan","sequence":"additional","affiliation":[{"name":"Department of Computer Science, College of Computer Science and Information Technology, Imam Abdulrahman Bin Faisal University, P.O. Box 1982, Dammam 31441, Saudi Arabia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Rand","family":"AlEssa","sequence":"additional","affiliation":[{"name":"Department of Computer Science, College of Computer Science and Information Technology, Imam Abdulrahman Bin Faisal University, P.O. Box 1982, Dammam 31441, Saudi Arabia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Noura A.","family":"AlShuail","sequence":"additional","affiliation":[{"name":"Department of Computer Science, College of Computer Science and Information Technology, Imam Abdulrahman Bin Faisal University, P.O. Box 1982, Dammam 31441, Saudi Arabia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Alhawra","family":"Al Safwan","sequence":"additional","affiliation":[{"name":"Department of Computer Science, College of Computer Science and Information Technology, Imam Abdulrahman Bin Faisal University, P.O. Box 1982, Dammam 31441, Saudi Arabia"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2022,11,27]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"171","DOI":"10.1007\/s41315-021-00180-5","article-title":"Digital twins: Artificial intelligence and the IoT cyber-physical systems in Industry 4.0","volume":"6","author":"Radanliev","year":"2022","journal-title":"Int. J. Intell. Robot. Appl."},{"key":"ref_2","unstructured":"(2022, July 13). Smart Building Automation Systems Vulnerable to Cyber Attack. Available online: https:\/\/inbuildingtech.com\/smart-buildings\/cyber-attack-smart-building-iot\/."},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"113311","DOI":"10.1109\/ACCESS.2019.2934632","article-title":"Delimitated anti jammer scheme for internet of vehicle: Machine learning based security approach","volume":"7","author":"Kumar","year":"2019","journal-title":"IEEE Acces"},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Shah, M.A., Zeeshan Khan, F., Abbas, G., Abbas, Z.H., Ali, J., Aljameel, S.S., Khan, I.U., and Aslam, N. (2022). Optimal Path Routing Protocol for Warning Messages Dissemination for Highway VANET. Sensors, 22.","DOI":"10.3390\/s22186839"},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Salloum, S.A., Alshurideh, M., Elnagar, A., and Shaalan, K. (2020, January 8\u201310). Machine Learning and Deep Learning Techniques for Cybersecurity: A Review. Proceedings of the International Conference on Artificial Intelligence and Computer Vision (AICV2020), Cairo, Egypt.","DOI":"10.1007\/978-3-030-44289-7_5"},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Aslam, N., Khan, I.U., Mirza, S., AlOwayed, A., Anis, F.M., Aljuaid, R.M., and Baageel, R. (2022). Interpretable Machine Learning Models for Malicious Domains Detection Using Explainable Artificial Intelligence (XAI). Sustainability, 14.","DOI":"10.3390\/su14127375"},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Ahmed, M., Islam, S.R., Anwar, A., Moustafa, N., and Pathan, A.S.K. (2022). Explainable Artificial Intelligence for Cyber Security: Next Generation Artificial Intelligence, Springer.","DOI":"10.1007\/978-3-030-96630-0"},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"102816","DOI":"10.1016\/j.scs.2021.102816","article-title":"Application of data-driven attack detection framework for secure operation in smart buildings","volume":"69","author":"Elnour","year":"2021","journal-title":"Sustain. Cities Soc."},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Wu, Y., Xu, X., Walker, P.R., Liu, J., Saxena, N., Chen, Y., and Yu, J. (2021, January 7\u201311). HVAC: Evading Classifier-based Defenses in Hidden Voice Attacks. Proceedings of the ASIA CCS 2021 ACM Asia Conference on Computer and Communications Security, Virtual.","DOI":"10.1145\/3433210.3437523"},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Munir, M., Erkel, S., Dengel, A., and Ahmed, S. (2017, January 18\u201321). Pattern-Based Contextual Anomaly Detection in HVAC Systems. Proceedings of the 2017 IEEE International Conference on Data Mining Workshops (ICDMW), New Orleans, LA, USA.","DOI":"10.1109\/ICDMW.2017.150"},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Novikova, E., Bestuzhev, M., and Kotenko, I. (2019, January 26\u201327). Anomaly Detection in the HVAC System Operation by a RadViz Based Visualization-Driven Approach. Proceedings of the Computer Security: ESORICS 2019 International Workshops, CyberICPS, SECPRE, SPOSE, and ADIoT, Luxembourg. 2019 Revised Selected Papers.","DOI":"10.1007\/978-3-030-42048-2_26"},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"103041","DOI":"10.1016\/j.scs.2021.103041","article-title":"IoTBoT-IDS: A novel statistical learning-enabled botnet detection framework for protecting networks of smart cities","volume":"72","author":"Ashraf","year":"2021","journal-title":"Sustain. Cities Soc."},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3460822","article-title":"Machine Learning for Automated Industrial IoT Attack Detection: An Efficiency-Complexity Trade-Off","volume":"12","author":"Chakraborty","year":"2021","journal-title":"ACM Trans. Manag. Inf. Syst."},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Liu, J., Kantarci, B., and Adams, C. (2020, January 13). Machine Learning-Driven Intrusion Detection for Contiki-NG-Based IoT Networks Exposed to NSL-KDD Dataset. Proceedings of the 2nd ACM workshop on wireless security and machine learning, Linz, Austria.","DOI":"10.1145\/3395352.3402621"},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Vargas, H., Lozano-Garzon, C., Montoya, G.A., and Donoso, Y. (2021). Detection of Security Attacks in Industrial IoT Networks: A Blockchain and Machine Learning Approach. Electronics, 10.","DOI":"10.3390\/electronics10212662"},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Ahsan, M., Gomes, R., Chowdhury, M.M., and Nygard, K.E. (2021). Enhancing Machine Learning Prediction in Cybersecurity Using Dynamic Feature Selector. J. Cybersecur. Priv., 1.","DOI":"10.3390\/jcp1010011"},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"16488","DOI":"10.1109\/ACCESS.2021.3051300","article-title":"Cyber Attack Detection Based on Wavelet Singular Entropy in AC Smart Islands: False Data Injection Attack","volume":"9","author":"Dehghani","year":"2021","journal-title":"IEEE Access"},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"3271","DOI":"10.1109\/TII.2018.2825243","article-title":"Online False Data Injection Attack Detection With Wavelet Transform and Deep Neural Networks","volume":"14","author":"James","year":"2018","journal-title":"IEEE Trans. Ind. Informatics"},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Ding, Y., Ma, K., Pu, T., Wang, X., Li, R., and Zhang, D. (2021). A deep learning-based classification scheme for false data injection attack detection in power system. Electronics, 10.","DOI":"10.3390\/electronics10121459"},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"136831","DOI":"10.1109\/ACCESS.2021.3117080","article-title":"Machine Learning Mitigants for Speech Based Cyber Risk","volume":"9","author":"Campi","year":"2021","journal-title":"IEEE Access"},{"key":"ref_21","unstructured":"Han, J., Pei, J., and Tong, H. (2022). Data Mining: Concepts and Techniques, Morgan Kaufmann."},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1177\/1536867X20909688","article-title":"The random forest algorithm for statistical learning","volume":"20","author":"Schonlau","year":"2020","journal-title":"Stata J."},{"key":"ref_23","unstructured":"Ridgeway, G. (1999). The state of boosting. Comput. Sci. Stat., 172\u2013181."},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Friedman, J.H. (2001). Greedy function approximation: A gradient boosting machine. Ann. Stat., 1189\u20131232.","DOI":"10.1214\/aos\/1013203451"},{"key":"ref_25","unstructured":"Bartlett, P., and Traskin, M. (2006). AdaBoost is Consistent. Adv. Neural Inf. Processing Syst., 19, Available online: https:\/\/proceedings.neurips.cc\/paper\/2006\/file\/b887d8d5e65ac4dec3934028fe23ad72-Paper.pdf."},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Chen, T., and Guestrin, C. (2016, January 13\u201317). XGBoost: A Scalable Tree Boosting System. Proceedings of the 22nd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, San Francisco, CA, USA.","DOI":"10.1145\/2939672.2939785"},{"key":"ref_27","unstructured":"Dorogush, A.V., Ershov, V., and Gulin, A. (2022, August 17). CatBoost: Gradient Boosting With Categorical Features Support. Available online: http:\/\/arxiv.org\/abs\/1810.11363."}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/22\/23\/9235\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T01:27:59Z","timestamp":1760146079000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/22\/23\/9235"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,11,27]]},"references-count":27,"journal-issue":{"issue":"23","published-online":{"date-parts":[[2022,12]]}},"alternative-id":["s22239235"],"URL":"https:\/\/doi.org\/10.3390\/s22239235","relation":{},"ISSN":["1424-8220"],"issn-type":[{"value":"1424-8220","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,11,27]]}}}