Jun Wang,Changfu Si,Zhen Wang,Qiang Fu

DOI: https://doi.org/10.32604/cmc.2024.050223

2024-01-01

Abstract:Nowadays, with the rapid development of industrial Internet technology, on the one hand, advanced industrial control systems (ICS) have improved industrial production efficiency. However, there are more and more cyber-attacks targeting industrial control systems. To ensure the security of industrial networks, intrusion detection systems have been widely used in industrial control systems, and deep neural networks have always been an effective method for identifying cyber attacks. Current intrusion detection methods still suffer from low accuracy and a high false alarm rate. Therefore, it is important to build a more efficient intrusion detection model. This paper proposes a hybrid deep learning intrusion detection method based on convolutional neural networks and bidirectional long short-term memory neural networks (CNN-BiLSTM). To address the issue of imbalanced data within the dataset and improve the model’s detection capabilities, the Synthetic Minority Over-sampling Technique-Edited Nearest Neighbors (SMOTE-ENN) algorithm is applied in the preprocessing phase. This algorithm is employed to generate synthetic instances for the minority class, simultaneously mitigating the impact of noise in the majority class. This approach aims to create a more equitable distribution of classes, thereby enhancing the model’s ability to effectively identify patterns in both minority and majority classes. In the experimental phase, the detection performance of the method is verified using two data sets. Experimental results show that the accuracy rate on the CICIDS-2017 data set reaches 97.7%. On the natural gas pipeline dataset collected by Lan Turnipseed from Mississippi State University in the United States, the accuracy rate also reaches 85.5%.

Zhi-Yang,Xiao-jun

2020-01-01

Abstract:Intrusion Detection Algorithm of Power Grid Industrial Control System Based on CNN ZHAO Zhi-Yang, XIA Xiao-Jun (University of Chinese Academy of Sciences, Beijing 100049, China) (Shenyang Institute of Computing Technology, Chinese Academy of Sciences, Shenyang 110168, China) Abstract: Traditional power grid industrial control systems are mainly isolated from external networks through tools such as firewalls, but with the application of new technologies such as cloud computing and the Internet of Things, the degree of interconnection between networks has continued to deepen, and the difficulty of security protection has greatly increased. How to effectively detect network intrusion behavior has become very important. Compared with traditional intrusion detection technology, convolutional neural networks have a better ability to extract intrusion features. This study proposes a power grid industrial control system intrusion detection algorithm based on convolutional neural networks. The KDD99 dataset is processed for model training, and a cascade convolution layer is added to optimize the network structure. Under the premise of small parameter scale, the real-time requirements of the model are guaranteed. Compared with the traditional SVM algorithm and the k-means algorithm, the intrusion detection accuracy of the proposed algorithm in this study is improved, the false detection rate is reduced, and the intrusion behavior to the power grid industrial control system can be effectively detected.

Kai Jin,Lei Zhang,Yujie Zhang,Duo Sun,Xiaoyuan Zheng

DOI: https://doi.org/10.3390/electronics12204329

IF: 2.9

2023-10-19

Electronics

Abstract:The current mainstream intrusion detection models often have a high false negative rate, significantly affecting intrusion detection systems' (IDSs) practicability. To address this issue, we propose an intrusion detection model based on a multi-scale one-dimensional convolutional neural network module (MS1DCNN), an efficient channel attention module (ECA), and two bidirectional long short-term memory modules (BiLSTMs). The proposed hybrid MS1DCNN-ECA-BiLSTM model uses the MS1DCNN module to extract features with a different granularity from the input data and uses the ECA module to enhance the weight of important features. Finally, the model carries out sequence learning through two BiLSTM layers. We use the dung beetle optimizer (DBO) to optimize the hyperparameters in the model to obtain better classification results. Additionally, we use the synthetic minority oversampling technique (SMOTE) to fill several samples to reduce the local false negative rate. In this paper, we train and test the model using accurate network data from a water storage industrial control system. In the multi-classification experiment, the model's accuracy was 97.04%, the precision was 97.17%, and the false negative rate was 2.95%; in the binary classification experiment, the accuracy and false negative rate were 99.30% and 0.7%. Compared with other mainstream methods, our model has a higher score. This study provides a new algorithm for the intrusion detection of industrial control systems.

engineering, electrical & electronic,computer science, information systems,physics, applied

Dingyu Shou,Chao Li,Zhen Wang,Song Cheng,Xiaobo Hu,Kai Zhang,Mi Wen,Yong Wang

DOI: https://doi.org/10.1093/comjnl/bxad105

2023-11-01

The Computer Journal

Abstract:Abstract Security of computer information can be improved with the use of a network intrusion detection system. Since the network environment is becoming more complex, more and more new methods of attacking the network have emerged, making the original intrusion detection methods ineffective. Increased network activity also causes intrusion detection systems to identify errors more frequently. We suggest a new intrusion detection technique in this research that combines a Convolutional Neural Network (CNN) model with a Bi-directional Long Short-term Memory Network (BiLSTM) model for adding attention mechanisms. We distinguish our model from existing methods in three ways. First, we use the NCR-SMOTE algorithm to resample the dataset. Secondly, we use recursive feature elimination method based on extreme random tree to select features. Thirdly, we improve the profitability and accuracy of predictions by adding attention mechanism to CNN-BiLSTM. This experiment uses UNSW-UB15 dataset composed of real traffic, and the accuracy rate of multi-classification is 84.5$\%$; the accuracy rate of multi-classification in CSE-IC-IDS2018 dataset reached 98.3$\%$.

computer science, information systems, theory & methods, software engineering, hardware & architecture

Wei Dai,Xinhui Li,Wenxin Ji,Sicheng He

DOI: https://doi.org/10.1109/access.2024.3384528

IF: 3.9

2024-04-20

IEEE Access

Abstract:To address the issue of low detection accuracy and high false positive rate in existing network intrusion detection methods, this paper proposes an intrusion detection model based on CNN-BiLSTM-Attention. Firstly, CNN is used to extract the spatial features from the intrusion data; Secondly, BiLSTM is used to mine the temporal features from the intrusion data further; Thirdly, the attention mechanism is used to assign different weights to the extracted spatiotemporal features and then enhance the role of important features in the calculation process, which can improve the classification accuracy of the model. In addition, for the problem of class imbalance existing in network intrusion data, Equalization Loss v2 is introduced as the loss function of the CNN-BiLSTM-Attention model, making the model pay more attention to minority class data during the training process, thereby improving the detection rate of the model for the minority class data. Finally, comparative experiments are conducted on NSL-KDD, UNSW-NB15, and CIC-DDoS2019 datasets. The experimental results show that the CNN-BiLSTM-Attention model outperforms the other models in terms of accuracy, detection rate, and false positive rate.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yixin Jiang,Yunan Zhang,Xiaoyun Kuang,Aidong Xu,Xuzhu Dong,Shiyong Dai,Jinhua Huang

DOI: https://doi.org/10.1109/ei256261.2022.10116191

2022-01-01

Abstract:Industrial control network intrusion detection system has higher requirements for detection rate, false positive rate, and real-time performance. In order to solve this problem, this paper proposed a new type of feature extractor abstracting mapping from the original low-level feature set to the high-level feature set. This feature extractor is composed of 3 heterogeneous sub-feature extractors 1D CNN, LSTM, and SAE. Secondly, the integrated feature set passes through a random forest (RF) classifier. Thirdly, combined with the regularity and stability of the industrial control network, a suspected host inspection method is designed based on the sequential hypothesis testing of real-time network traffic. This method uses the individual learner results of the above 3 feature extractors. Combining the above, two-stage fusion (SHT-RF) is carried out to realize real-time industrial control network intrusion detection, and achieve the purpose of improving the detection rate and enhancing the robustness of the system. Finally, it is verified on the CICIDS2017 data set. The detection rate of the proposed method is 99.59%, and the false positive rate is 0.09%. Compared with other machine learning methods, it has achieved a good improvement effect.

Laisen Nie,Zhaolong Ning,Xiaojie Wang,Xiping Hu,Jun Cheng,Yongkang Li

DOI: https://doi.org/10.1109/tnse.2020.2990984

IF: 6.6

2020-01-01

IEEE Transactions on Network Science and Engineering

Abstract:As an industrial application of Internet of Things (IoT), Internet of Vehicles (IoV) is one of the most crucial techniques for Intelligent Transportation System (ITS), which is a basic element of smart cities. The primary issue for the deployment of ITS based on IoV is the security for both users and infrastructures. The Intrusion Detection System (IDS) is important for IoV users to keep them away from various attacks via the malware and ensure the security of users and infrastructures. In this paper, we design a data-driven IDS by analyzing the link load behaviors of the Road Side Unit (RSU) in the IoV against various attacks leading to the irregular fluctuations of traffic flows. A deep learning architecture based on the Convolutional Neural Network (CNN) is designed to extract the features of link loads, and detect the intrusion aiming at RSUs. The proposed architecture is composed of a traditional CNN and a fundamental error term in view of the convergence of the backpropagation algorithm. Meanwhile, a theoretical analysis of the convergence is provided by the probabilistic representation for the proposed CNN-based deep architecture. We finally evaluate the accuracy of our method by way of implementing it over the testbed.

Yanmiao Li,Yingying Xu,Zhi Liu,Haixia Hou,Yushuo Zheng,Yang Xin,Yuefeng Zhao,Lizhen Cui

DOI: https://doi.org/10.1016/j.measurement.2019.107450

IF: 5.6

2019-01-01

Measurement

Abstract:A robust intrusion detection system plays a very important role in network security. In the face of complex network data and diverse intrusion methods, traditional machine learning methods seem to be inadequate and cannot meet the requirements of the current network environment. Existing deep learning-based methods are far from fully exploiting their potential in dealing with such one-dimensional feature data, and their performance is still unsatisfactory in detecting unknown intrusions. This paper proposes a deep learning approach for intrusion detection using a multi-convolutional neural network (multi-CNN) fusion method. According to the correlation, the feature data are divided into four parts, and then the one-dimensional feature data are converted into a grayscale graph. By using the flow data visualization method, CNN is introduced into the intrusion detection problem and the best of the four results emerge. The experimental results successfully demonstrate that the multi-CNN fusion model is very suitable for providing a classification method with high accuracy and low complexity on the NSL-KDD dataset. Furthermore, its performance is also superior to those of traditional machine learning methods and other recent deep learning approaches for binary classification and multiclass classification. This work will contribute for the data security of industrial loT. (C) 2019 Elsevier Ltd. All rights reserved.

Kaijian Liu,Zhen Fan,Meiqin Liu,Senlin Zhang

DOI: https://doi.org/10.1109/cyber.2018.8688271

2018-01-01

Abstract:This paper reviews the problem of instrusion detection for Smart Home and different approach to detect instrusion. A hybrid instrusion detection method based on Convolutional Neural Networks(CNN) and K-means is proposed in this paper. At smart home device node, K-means is used to generate the rule base by clustering, then Principal Component Analysis(PCA) is used to extract the dimensionality reduced features. During the test process, PCA is also used to extract the dimensionality reduced features, the feature matching is performed with the rule base to determine the intrusion data. At the smart home server side, a CNN model is proposed to detect the specific type of intrusion. Combined with Synthetic Minority Oversampling Technique(SMOTE) and under sampling techniques, the CNN model has great performance in reducing missing report rate(MRR) in minority categories. The results of the experiment conducted in KDD99 dataset show that such a hybrid method can improve the detection rate of smart home intrusion detection system and reduce MRR in minority categories.

Yingxu Lai,Jingwen Zhang,Zenghui Liu

DOI: https://doi.org/10.1155/2019/8124254

IF: 1.968

2019-01-01

Security and Communication Networks

Abstract:The massive use of information technology has brought certain security risks to the industrial production process. In recent years, cyber-physical attacks against industrial control systems have occurred frequently. Anomaly detection technology is an essential technical means to ensure the safety of industrial control systems. Considering the shortcomings of traditional methods and to facilitate the timely analysis and location of anomalies, this study proposes a solution based on the deep learning method for industrial traffic anomaly detection and attack classification. We use a convolutional neural network deep learning representation model as the detection model. The original one-dimensional data are mapped using the feature mapping method to make them suitable for model processing. The deep learning method can automatically extract critical features and achieve accurate attack classification. We performed a model evaluation using real network attack data from a supervisory control and data acquisition (SCADA) system. The experimental results showed that the proposed method met the anomaly detection and attack classification needs of a SCADA system. The proposed method also promotes the application of deep learning methods in industrial anomaly detection.

Geng-hong LU,Dong-qin FENG

DOI: https://doi.org/10.13195/j.kzyjc.2016.0551

2017-01-01

Abstract:The attacks against the industrial control network have different types and various attack intensity. Under this circumstance, the traditional detection techniques cannot identify the multiple types of attacks effectively, and can not assess the security situations of the industrial control network comprehensively and accurately. Therefore, the industrial control network security situation awareness model is proposed. Firstly, the rule extraction can be done by applying the improved C-SVC algorithm to the multi-sensor data. Then with the application of decision fusion algorithm, the decision-level fusion is completed and the results of situation awareness are procured. The simulation experiment results show that the proposed model and algorithms can distinguish multiple types of attacks effectively, identify the attacks that are launched against the industrial control system accurately, and generate the results of situation awareness.

Pengfei Sun,Pengju Liu,Qi Li,Chenxi Liu,Xiangling Lu,Ruochen Hao,Jinpeng Chen

DOI: https://doi.org/10.1155/2020/8890306

IF: 1.968

2020-08-28

Security and Communication Networks

Abstract:Many studies utilized machine learning schemes to improve network intrusion detection systems recently. Most of the research is based on manually extracted features, but this approach not only requires a lot of labor costs but also loses a lot of information in the original data, resulting in low judgment accuracy and cannot be deployed in actual situations. This paper develops a DL-IDS (deep learning-based intrusion detection system), which uses the hybrid network of Convolutional Neural Network (CNN) and Long Short-Term Memory Network (LSTM) to extract the spatial and temporal features of network traffic data and to provide a better intrusion detection system. To reduce the influence of an unbalanced number of samples of different attack types in model training samples on model performance, DL-IDS used a category weight optimization method to improve the robustness. Finally, DL-IDS is tested on CICIDS2017, a reliable intrusion detection dataset that covers all the common, updated intrusions and cyberattacks. In the multiclassification test, DL-IDS reached 98.67% in overall accuracy, and the accuracy of each attack type was above 99.50%.

computer science, information systems,telecommunications

Ke Cao,Jinqi Zhu,Weijia Feng,Chunmei Ma,Ming Liu,Tian Du

DOI: https://doi.org/10.1109/iwcmc51323.2021.9498652

2021-01-01

Abstract:With the rapid development of the Internet of Things (IoT), the continuous emergence of cyberattacks have brought great threat to the security of the network. Intrusion Detection System (IDS) which can identify malicious network attacks has become a strong tool to ensure network security. Many deep learning-based approaches have been used in IDS. However, most of these researches ignore the internal structural characteristics of the network traffic, and cannot accurately learn the key features of the malicious traffic. Thus, they have a low accuracy in classifying different kinds of network attacks. In this paper, we build an intrusion detection model DAL (Dense-Attention-LSTM, DAL), in which dense dilated convolutions is used to extract the underlying features of the network traffic. Then, attention mechanism is utilized to capture key features which represent the structural characteristics of traffic data. Moreover, CuDNN-based long short-term memory network is used to learn time-related information of the traffic while accelerating the convergence of the model. Finally, global maxpooling is adopted to compress data and to improve the generalization capabilities of the proposed model. Experimental results on UNSW-NB15 dataset show that the binary classification accuracy of the proposed model is up to 92.65%. Further, it can also identify various attacks with the accuracy of 81.28%. The performance of our model is better than some competing machine learning methods and some deep learning methods. We published our code at https://github.co-m/cKiNg37/IDS-model-DAL.

Bo Cao,Chenghai Li,Yafei Song,Yueyi Qin,Chen Chen

DOI: https://doi.org/10.3390/app12094184

2022-04-21

Applied Sciences

Abstract:A network intrusion detection model that fuses a convolutional neural network and a gated recurrent unit is proposed to address the problems associated with the low accuracy of existing intrusion detection models for the multiple classification of intrusions and low accuracy of class imbalance data detection. In this model, a hybrid sampling algorithm combining Adaptive Synthetic Sampling (ADASYN) and Repeated Edited nearest neighbors (RENN) is used for sample processing to solve the problem of positive and negative sample imbalance in the original dataset. The feature selection is carried out by combining Random Forest algorithm and Pearson correlation analysis to solve the problem of feature redundancy. Then, the spatial features are extracted by using a convolutional neural network, and further extracted by fusing Averagepooling and Maxpooling, using attention mechanism to assign different weights to the features, thus reducing the overhead and improving the model performance. At the same time, a Gated Recurrent Unit (GRU) is used to extract the long-distance dependent information features to achieve comprehensive and effective feature learning. Finally, a softmax function is used for classification. The proposed intrusion detection model is evaluated based on the UNSW_NB15, NSL-KDD, and CIC-IDS2017 datasets, and the experimental results show that the classification accuracy reaches 86.25%, 99.69%, 99.65%, which are 1.95%, 0.47% and 0.12% higher than that of the same type of CNN-GRU, and can solve the problems of low classification accuracy and class imbalance well.

Yung-Chung Wang,Yi-Chun Houng,Han-Xuan Chen,Shu-Ming Tseng

DOI: https://doi.org/10.3390/s23042171

IF: 3.9

2023-02-16

Sensors

Abstract:The prevalence of internet usage leads to diverse internet traffic, which may contain information about various types of internet attacks. In recent years, many researchers have applied deep learning technology to intrusion detection systems and obtained fairly strong recognition results. However, most experiments have used old datasets, so they could not reflect the latest attack information. In this paper, a current state of the CSE-CIC-IDS2018 dataset and standard evaluation metrics has been employed to evaluate the proposed mechanism. After preprocessing the dataset, six models—deep neural network (DNN), convolutional neural network (CNN), recurrent neural network (RNN), long short-term memory (LSTM), CNN + RNN and CNN + LSTM—were constructed to judge whether network traffic comprised a malicious attack. In addition, multi-classification experiments were conducted to sort traffic into benign traffic and six categories of malicious attacks: BruteForce, Denial-of-service (DoS), Web Attacks, Infiltration, Botnet, and Distributed denial-of-service (DDoS). Each model showed a high accuracy in various experiments, and their multi-class classification accuracy were above 98%. Compared with the intrusion detection system (IDS) of other papers, the proposed model effectively improves the detection performance. Moreover, the inference time for the combinations of CNN + RNN and CNN + LSTM is longer than that of the individual DNN, RNN and CNN. Therefore, the DNN, RNN and CNN are better than CNN + RNN and CNN + LSTM for considering the implementation of the algorithm in the IDS device.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Rongrong Jiang,Zhengqiu Weng,Lili Shi,Erxuan Weng,Hongmei Li,Weiqiang Wang,Tiantian Zhu,Wuzhao Li

DOI: https://doi.org/10.1002/cpe.8258

2024-08-17

Concurrency and Computation Practice and Experience

Abstract:Summary With the development of the Internet of Things (IoT), the number of terminal devices is rapidly growing and at the same time, their security is facing serious challenges. For the industrial control system, there are challenges in detecting and preventing botnet. Traditional detection methods focus on capturing and reverse analyzing the botnet programs first and then parsing the extracted features from the malicious code or attacks. However, their accuracy is very low and their latency is relatively high. Moreover, they sometimes even cannot recognize the unknown botnets. The machine learning based detection methods rely on manual feature engineering and have a weak generalization. The deep learning‐based methods mostly rely on the system log, which does not take into account the multisource information such as traffic. To address the above issues, from the perspective of the botnet features, this paper proposes an intelligent detection method over parallel CNN‐LSTM, integrating the spatial and temporal features to identify botnets. Experimental demonstrate that the accuracy, recall, and F1‐score of our proposed method achieve up to over 98%, and the precision, 97.8%, is not the highest but reasonable. It reveals compared with the existing start‐of‐the‐art methods, our proposed method outperforms in the botnet detection. Our methodology's strength lies in its ability to harness the multifaceted information present in IoT traffic, offering a more nuanced and comprehensive analysis. The parallel CNN‐LSTM architecture ensures that spatial and temporal data are processed concurrently, preserving the integrity of the information and enabling a more robust detection mechanism. The result is a detection system that not only performs exceptionally well in a controlled environment but also holds promise for real‐world application, where the rapid and accurate identification of botnets is paramount.

computer science, theory & methods, software engineering

Sijie Luo,Zhiheng Zhao,Qiyuan Hu,Yang Liu

DOI: https://doi.org/10.1117/12.2639876

2022-01-01

Abstract:The development of the Industrial Internet has promoted the progress of social productivity, but it also faces attacks from abnormal network traffic. Network intrusion detection systems (NIDSs) ensure the safe and reliable operation of networks by monitoring the network traffic status and detecting abnormal traffic and attacks in a timely manner. To detect network intrusions in real time and efficiently, we propose a hierarchical intrusion detection model CNN-Transformer NIDS with traffic spatio-temporal feature fusion, combined with soft feature selection based on attention mechanism. The model is used for multi-attack detection on the UNSW-NB15 dataset. The comparative experimental results show that: i) spatial features can effectively describe the normal and abnormal states of traffic; ii) temporal features can help the model to better distinguish different types of attacks; iii) the fusion of the spatio-temporal features can comprehensively improve the detection performance of the model. The results of the ablation experiments verify that the attention-based soft feature selection enables the model to effectively focus on the differences between normal and abnormal traffic and between different kinds of attacks, resulting in a 0.32% reduction in the missed detection rate, a 1.36% reduction in the false detection rate, and a 1.68% improvement in the detection rate of NIDS.

Zhihua Liu,Shengquan Liu,Jian Zhang

DOI: https://doi.org/10.32604/cmc.2023.046237

2024-01-01

Abstract:Network intrusion detection systems (NIDS) based on deep learning have continued to make significant advances. However, the following challenges remain: on the one hand, simply applying only Temporal Convolutional Networks (TCNs) can lead to models that ignore the impact of network traffic features at different scales on the detection performance. On the other hand, some intrusion detection methods consider multi-scale information of traffic data, but considering only forward network traffic information can lead to deficiencies in capturing multi-scale temporal features. To address both of these issues, we propose a hybrid Convolutional Neural Network that supports a multi-output strategy (BONUS) for industrial internet intrusion detection. First, we create a multiscale Temporal Convolutional Network by stacking TCN of different scales to capture the multiscale information of network traffic. Meanwhile, we propose a bi-directional structure and dynamically set the weights to fuse the forward and backward contextual information of network traffic at each scale to enhance the model’s performance in capturing the multi-scale temporal features of network traffic. In addition, we introduce a gated network for each of the two branches in the proposed method to assist the model in learning the feature representation of each branch. Extensive experiments reveal the effectiveness of the proposed approach on two publicly available traffic intrusion detection datasets named UNSW-NB15 and NSL-KDD with F1 score of 85.03% and 99.31%, respectively, which also validates the effectiveness of enhancing the model’s ability to capture multi-scale temporal features of traffic data on detection performance.

computer science, information systems,materials science, multidisciplinary

Asmaa Halbouni,Teddy Surya Gunawan,Mohamed Hadi Habaebi,Murad Halbouni,Mira Kartiwi,Robiah Ahmad

DOI: https://doi.org/10.1109/access.2022.3206425

IF: 3.9

2022-09-30

IEEE Access

Abstract:Network security becomes indispensable to our daily interactions and networks. As attackers continue to develop new types of attacks and the size of networks continues to grow, the need for an effective intrusion detection system has become critical. Numerous studies implemented machine learning algorithms to develop an effective IDS; however, with the advent of deep learning algorithms and artificial neural networks that can generate features automatically without human intervention, researchers began to rely on deep learning. In our research, we took advantage of the Convolutional Neural Network's ability to extract spatial features and the Long Short-Term Memory Network's ability to extract temporal features to create a hybrid intrusion detection system model. We added batch normalization and dropout layers to the model to increase its performance. Based on the binary and multiclass classification, the model was trained using three datasets: CIC-IDS 2017, UNSW-NB15, and WSN-DS. The confusion matrix determines the system's effectiveness, which includes evaluation criteria such as accuracy, precision, detection rate, F1-score, and false alarm rate (FAR). The effectiveness of the proposed model was demonstrated by experimental results showing a high detection rate, high accuracy, and a relatively low FAR.

Kai Yang,JiaMing Wang,MinJing Li

DOI: https://doi.org/10.1038/s41598-024-70094-2

2024-08-20

Abstract:In the field of Industrial Internet of Things (IIoT), existing intrusion detection models face challenges in three main areas: low accuracy in detecting attack traffic, feature redundancy when dealing with high-dimensional and complex attack traffic, making it difficult to capture critical information, and a tendency to favor learning common categories while neglecting rare categories when handling imbalanced data. To tackle these challenges, this study introduces an intrusion detection method that combines an attention mechanism, Bidirectional Gated Recurrent Units (BiGRU), and Inception Convolutional Neural Network (Inception-CNN) to enhance the model's detection rate. Simultaneously, the method employs a mixed sampling strategy for data resampling to address the bias learning issue caused by data imbalance. Additionally, the method employs a hybrid sampling strategy for data resampling to address the bias learning issue caused by data imbalance. It also incorporates denoising techniques to handle potential dataset noise introduced by hybrid sampling. Furthermore, a feature selection method combining Pearson correlation coefficient and Random Forest is applied to eliminate feature redundancy, enhancing the model's ability to capture crucial information from high-dimensional attack traffic. Experimental validation on internationally recognized datasets (Edge-IIoTset, CIC-IDS2017, and CIC IoT 2023) affirms the reliability of the proposed intrusion detection method. This approach underscores the significance of intrusion detection in the security of Industrial IoT and showcases its potential in addressing pertinent challenges in network security.