Yanjie Li,Xiaoyu Ji,Chenggang Li,Xiaofeng Xu,Wei Yan,Xu Yan,Yanjiao Chen,Wenyuan Xu

DOI: https://doi.org/10.1109/iceiec49280.2020.9152334

2020-01-01

Abstract:In recent years, artificial intelligence has been widely used in the field of network security, which has significantly improved the effect of network security analysis and detection. However, because the power industrial control system is faced with the problem of shortage of attack data, the direct deployment of the network intrusion detection system based on artificial intelligence is faced with the problems of lack of data, low precision, and high false alarm rate. To solve this problem, we propose an anomaly traffic detection method based on cross-domain knowledge transferring. By using the TrAdaBoost algorithm, we achieve a lower error rate than using LSTM alone.

Zhidong Wang,Yingxu Lai,Zenghui Liu,Jing Liu

DOI: https://doi.org/10.3390/s20143817

IF: 3.9

2020-07-08

Sensors

Abstract:Intrusion detection is only the initial part of the security system for an industrial control system. Because of the criticality of the industrial control system, professionals still make the most important security decisions. Therefore, a simple intrusion alarm has a very limited role in the security system, and intrusion detection models based on deep learning struggle to provide more information because of the lack of explanation. This limits the application of deep learning methods to industrial control network intrusion detection. We analyzed the deep neural network (DNN) model and the interpretable classification model from the perspective of information, and clarified the correlation between the calculation process of the DNN model and the classification process. By comparing the normal samples with the abnormal samples, the abnormalities that occur during the calculation of the DNN model compared to the normal samples could be found. Based on this, a layer-wise relevance propagation method was designed to map the abnormalities in the calculation process to the abnormalities of attributes. At the same time, considering that the data set may already contain some useful information, we designed filtering rules for a kind of data set that can be obtained at a low cost, so that the calculation result is presented in a more accurate manner, which should help professionals lock and address intrusion threats more quickly.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Frantzy Mesadieu,Damiano Torre,Anitha Chennameneni

DOI: https://doi.org/10.1109/access.2024.3390722

IF: 3.9

2024-05-10

IEEE Access

Abstract:The prevalence of cyber-attacks perpetrated over the last two decades, including coordinated attempts to breach targeted organizations, has drastically and systematically exposed some of the more critical vulnerabilities existing in our cyber ecosystem. Particularly in Supervisory Control and Data Acquisition (SCADA) systems with targeted attacks aiming to bypass signature-based protocols, attempting to gain control over operational processes. In the past, researchers utilized deep learning and reinforcement learning algorithms to mitigate threats against industrial control systems (ICS). However, as technology evolves, these techniques become ineffective in monitoring and enhancing the cybersecurity defenses of those system against unwanted attacks. To address these concerns, we propose a deep reinforcement learning (DRL) framework for anomaly detection in the SCADA network. Our model utilizes a "Q-network", which allows it to achieve state-of-the-art performance in pattern recognition from complex tasks. We validated our solution on two publicly available datasets. The WUSTL-IIoT-2018 and the WUSTL-IIoT-2021, each comprised of twenty-five networking features representing benign and attack traffic. The results obtained shows that our model successfully achieved an accuracy of 99.36% in attack detection, highlighting DRL's potential to enhance the security of critical infrastructure and laying the foundation for future research in this domain.

computer science, information systems,telecommunications,engineering, electrical & electronic

Zhenze Liu,Chunyang Wang,Weiping Wang

DOI: https://doi.org/10.1155/2022/2280871

IF: 1.43

2022-07-08

Mathematical Problems in Engineering

Abstract:In the open network environment, industrial control systems face huge security risks and are often subject to network attacks. The existing abnormal detection methods of industrial control networks have the problem of a low intelligence degree of adaptive detection and recognition. To overcome this problem, this article makes full use of the advantages of deep reinforcement learning in decision-making and builds a learning system with continuous learning ability. Specifically, industrial control network and deep reinforcement learning characteristics are applied to design a unique reward and learning mechanism. Moreover, an industrial control anomaly detection system based on deep reinforcement learning is constructed. Finally, we verify the algorithm on the gas pipeline industrial control dataset of Mississippi State University. The experimental results show that the convergence rate of this model is significantly higher than that of traditional deep learning methods. More importantly, this model can get a higher F1 score.

engineering, multidisciplinary,mathematics, interdisciplinary applications

Guangxia Lia,Yulong Shena,Peilin Zhaob,Xiao Lu,Jia Liu,Yangyang Liu,Steven C. H. Hoi

DOI: https://doi.org/10.48550/arXiv.1912.03589

IF: 5.414

2019-12-08

Machine Learning

Abstract:Industrial control systems are critical to the operation of industrial facilities, especially for critical infrastructures, such as refineries, power grids, and transportation systems. Similar to other information systems, a significant threat to industrial control systems is the attack from cyberspace---the offensive maneuvers launched by "anonymous" in the digital world that target computer-based assets with the goal of compromising a system's functions or probing for information. Owing to the importance of industrial control systems, and the possibly devastating consequences of being attacked, significant endeavors have been attempted to secure industrial control systems from cyberattacks. Among them are intrusion detection systems that serve as the first line of defense by monitoring and reporting potentially malicious activities. Classical machine-learning-based intrusion detection methods usually generate prediction models by learning modest-sized training samples all at once. Such approach is not always applicable to industrial control systems, as industrial control systems must process continuous control commands with limited computational resources in a nonstop way. To satisfy such requirements, we propose using online learning to learn prediction models from the controlling data stream. We introduce several state-of-the-art online learning algorithms categorically, and illustrate their efficacies on two typically used testbeds---power system and gas pipeline. Further, we explore a new cost-sensitive online learning algorithm to solve the class-imbalance problem that is pervasive in industrial intrusion detection systems. Our experimental results indicate that the proposed algorithm can achieve an overall improvement in the detection rate of cyberattacks in industrial control systems.

Weiping Wang,Junjiang Guo,Zhen Wang,Hao Wang,Jun Cheng,Chunyang Wang,Manman Yuan,Jürgen Kurths,Xiong Luo,Yang Gao,Weiping Wang,Junjiang Guo,Zhen Wang,Hao Wang,Jun Cheng,Chunyang Wang,Manman Yuan,Jürgen Kurths,Xiong Luo,Yang Gao

DOI: https://doi.org/10.1016/j.amc.2021.126379

IF: 4.397

2021-11-01

Applied Mathematics and Computation

Abstract:<p>Industrial control systems are the brain and central nervous system of a country's vital infrastructure. Once the control system collapses, the consequences are unimaginable. Therefore, the safety of industrial control system has become the top priority in the field of safety. Aiming at the problem that the traditional abnormal flow detection model in the industrial control system is not accurate in identifying abnormalities, we combine the perception ability of deep learning with the decision-making ability of reinforcement learning, and propose an abnormal flow detection model based on deep reinforcement learning. The neural network is used to extract the features of the preprocessed dataset, and then the learning strategy can be adjusted according to the special advantages of strengthening the decision-making ability of learning and feedback. The experimental results show that the model based on deep reinforcement learning can achieve 98.06% accuracy in abnormal flow detection.Compared with various methods proposed by peers in current literature, this method is superior to other technologies in four evaluation indexes including accuracy rate, accuracy rate, recall rate and F1 score, among which the accuracy is increased by 2 percentage points.</p>

mathematics, applied

Guangyu Qian,Jinyuan Li,Wei He,Wei Zhang,You Cao

DOI: https://doi.org/10.1007/s10207-024-00845-9

2024-04-28

International Journal of Information Security

Abstract:Intrusion detection in industrial control systems (ICS) is crucial for maintaining the security of physical information systems. However, the existing models predominantly rely on black-box approaches, which exhibit limitations in result credibility and the ability to adapt to complex and dynamic environments. Consequently, this paper proposes an online updatable extended belief rule base model (O-EBRB) for intrusion detection in ICS. Firstly, an industrial intrusion detection model rooted in the extended belief rule base (EBRB) is established. This model excels in concurrently processing both quantitative and qualitative data, ensuring the reliability of its outcomes. Subsequently, a novel domain-based rule update methodology for integrating new observation data is proposed. By incorporating or merging fresh data into the original model, it enhances the model's adaptability in dynamic settings. Finally, employing the domain-based rule weight calculation approach, the model continues to effectively compute model parameters even with the continuous expansion of rules. Through extensive experimentation on two real-world industrial intrusion detection datasets, the results demonstrate the effectiveness of the proposed model in handling information and its robust performance in dynamic environments.

computer science, information systems, theory & methods, software engineering

Sumegh Tharewal,Mohammed Waseem Ashfaque,Sayyada Sara Banu,Perumal Uma,Samar Mansour Hassen,Mohammad Shabaz

DOI: https://doi.org/10.1155/2022/9023719

2022-03-07

Wireless Communications and Mobile Computing

Abstract:The Industrial Internet of Things has grown significantly in recent years. While implementing industrial digitalization, automation, and intelligence introduced a slew of cyber risks, the complex and varied industrial Internet of Things environment provided a new attack surface for network attackers. As a result, conventional intrusion detection technology cannot satisfy the network threat discovery requirements in today’s Industrial Internet of Things environment. In this research, the authors have used reinforcement learning rather than supervised and unsupervised learning, because it could very well improve the decision-making ability of the learning process by integrating abstract thinking of complete understanding, using deep knowledge to perform simple and nonlinear transformations of large-scale original input data into higher-level abstract expressions, and using learning algorithm or learning based on feedback signals, in the lack of guiding knowledge, which is based on the trial-and-error learning model, from the interaction with the environment to find the best good solution. In this respect, this article presents a near-end strategy optimization method for the Industrial Internet of Things intrusion detection system based on a deep reinforcement learning algorithm. This method combines deep learning’s observation capability with reinforcement learning’s decision-making capability to enable efficient detection of different kinds of cyberassaults on the Industrial Internet of Things. In this manuscript, the DRL-IDS intrusion detection system is built on a feature selection method based on LightGBM, which efficiently selects the most attractive feature set from industrial Internet of Things data; when paired with deep learning algorithms, it effectively detects intrusions. To begin, the application is based on GBM’s feature selection algorithm, which extracts the most compelling feature set from Industrial Internet of Things data; then, in conjunction with the deep learning algorithm, the hidden layer of the multilayer perception network is used as the shared network structure for the value network and strategic network in the PPO2 algorithm; and finally, the intrusion detection model is constructed using the PPO2 algorithm and ReLU (R). Numerous tests conducted on a publicly available data set of the Industrial Internet of Things demonstrate that the suggested intrusion detection system detects 99 percent of different kinds of network assaults on the Industrial Internet of Things. Additionally, the accuracy rate is 0.9%. The accuracy, precision, recall rate, F1 score, and other performance indicators are superior to those of the existing intrusion detection system, which is based on deep learning models such as LSTM, CNN, and RNN, as well as deep reinforcement learning models such as DDQN and DQN.

computer science, information systems,telecommunications,engineering, electrical & electronic

Kai Jin,Lei Zhang,Yujie Zhang,Duo Sun,Xiaoyuan Zheng

DOI: https://doi.org/10.3390/electronics12204329

IF: 2.9

2023-10-19

Electronics

Abstract:The current mainstream intrusion detection models often have a high false negative rate, significantly affecting intrusion detection systems' (IDSs) practicability. To address this issue, we propose an intrusion detection model based on a multi-scale one-dimensional convolutional neural network module (MS1DCNN), an efficient channel attention module (ECA), and two bidirectional long short-term memory modules (BiLSTMs). The proposed hybrid MS1DCNN-ECA-BiLSTM model uses the MS1DCNN module to extract features with a different granularity from the input data and uses the ECA module to enhance the weight of important features. Finally, the model carries out sequence learning through two BiLSTM layers. We use the dung beetle optimizer (DBO) to optimize the hyperparameters in the model to obtain better classification results. Additionally, we use the synthetic minority oversampling technique (SMOTE) to fill several samples to reduce the local false negative rate. In this paper, we train and test the model using accurate network data from a water storage industrial control system. In the multi-classification experiment, the model's accuracy was 97.04%, the precision was 97.17%, and the false negative rate was 2.95%; in the binary classification experiment, the accuracy and false negative rate were 99.30% and 0.7%. Compared with other mainstream methods, our model has a higher score. This study provides a new algorithm for the intrusion detection of industrial control systems.

engineering, electrical & electronic,computer science, information systems,physics, applied

Gauthama Raman M. R.,Chuadhry Mujeeb Ahmed,Aditya Mathur

DOI: https://doi.org/10.1186/s42400-021-00095-5

2021-08-02

Abstract:Abstract Gradual increase in the number of successful attacks against Industrial Control Systems (ICS) has led to an urgent need to create defense mechanisms for accurate and timely detection of the resulting process anomalies. Towards this end, a class of anomaly detectors, created using data-centric approaches, are gaining attention. Using machine learning algorithms such approaches can automatically learn the process dynamics and control strategies deployed in an ICS. The use of these approaches leads to relatively easier and faster creation of anomaly detectors compared to the use of design-centric approaches that are based on plant physics and design. Despite the advantages, there exist significant challenges and implementation issues in the creation and deployment of detectors generated using machine learning for city-scale plants. In this work, we enumerate and discuss such challenges. Also presented is a series of lessons learned in our attempt to meet these challenges in an operational plant.

computer science, information systems, interdisciplinary applications, software engineering

Ahmed S. Alzahrani,Reehan Ali Shah,Yuntao Qian,Munwar Ali

DOI: https://doi.org/10.1016/j.aej.2020.01.021

IF: 6.626

2020-01-01

Alexandria Engineering Journal

Abstract:With the rapid advancement in technology, network systems are becoming prone to more sophisticated types of intrusions. However, machine learning (ML) based strategies are among the most efficient and popular methods to identify the network intrusions or attacks. In this study, we examined the important and discriminative features, in order to recognize the various attacks by applying the Structural Sparse Logistic Regression (SSPLR) and Support Vector Machine (SVMs) methods. The SVMs are standard ML-based techniques, which provide the reasonable performance, however, they have few shortcomings, such as, interpretability and huge computational cost. On the other hand, the sparse modeling (SSPLR) is considered as the advanced method for the data examination and processing through regularization. The structural sparse modeling can be used to simultaneously select the distinct features or the group of discriminative features from the repository of the data set to determine the coefficient of the linear classifier, where, prior information of the feature’s structure can be mapped on various sparsity-inducing regularizations. In this way, the particular group of features yielded by the most significant network attacks are selected and potentially identified. The experiments and discussion, show that the proposed techniques have improved performance compared to the most state-of-the-art techniques, used for the Intrusion Detection System (IDS).

Congqi Shen,Geyang Xiao,Shaofeng Yao,Boyang Zhou,Zhongxia Pan,Hong Zhang

DOI: https://doi.org/10.1109/spac53836.2021.9539933

2021-01-01

Abstract:Current Industrial Internet faces serious threats where attackers propagate malicious flows, resulting in communication failures in the Industrial Internet. In this work, we propose a practical and novel method to detect malicious traffic attack in real time with high accuracy. Our primary idea is to capture network flow, extract adequate network flow features, construct a long short-term memory (LSTM) based deep learning model, and identify the property of the corresponding network flow. Whether the network suffers attack or not is then determined according to the detection results. The corresponding prototype is also implemented in the Industrial Internet which is equipped with Software Defined Networking (SDN). Experimental results validate that the proposed method is effective in defending against malicious traffic attack in real-world network.

Muhammad Azmi Umer,Khurum Nazir Junejo,Muhammad Taha Jilani,Aditya P. Mathur

DOI: https://doi.org/10.48550/arXiv.2202.11917

2022-02-24

Cryptography and Security

Abstract:Methods from machine learning are being applied to design Industrial Control Systems resilient to cyber-attacks. Such methods focus on two major areas: the detection of intrusions at the network-level using the information acquired through network packets, and detection of anomalies at the physical process level using data that represents the physical behavior of the system. This survey focuses on four types of methods from machine learning in use for intrusion and anomaly detection, namely, supervised, semi-supervised, unsupervised, and reinforcement learning. Literature available in the public domain was carefully selected, analyzed, and placed in a 7-dimensional space for ease of comparison. The survey is targeted at researchers, students, and practitioners. Challenges associated in using the methods and research gaps are identified and recommendations are made to fill the gaps.

Mousa'B Mohammad Shtayat,Mohammad Kamrul Hasan,Rossilawati Sulaiman,Shayla Islam,Atta Ur Rehman Khan

DOI: https://doi.org/10.1109/access.2023.3323573

IF: 3.9

2023-10-28

IEEE Access

Abstract:Ensuring the security of critical Industrial Internet of Things (IIoT) systems is of utmost importance, with a primary focus on identifying cyber-attacks using Intrusion Detection Systems (IDS). Deep learning (DL) techniques are frequently utilized in the anomaly detection components of IDSs. However, these models often generate high false-positive rates, and their decision-making rationale remains opaque, even to experts. Gaining insights into the reasons behind an IDS's decision to block a specific packet can aid cybersecurity professionals in assessing the system's effectiveness and creating more cyber-resilient solutions. In this paper, we offer an explainable ensemble DL-based IDS to improve the transparency and robustness of DL-based IDSs in IIoT networks. The framework incorporates Shapley additive explanations (SHAP) and Local comprehensible-independent Clarifications (LIME) methods to elucidate the decisions made by DL-based IDSs, providing valuable insights to experts responsible for maintaining IIoT network security and developing more cyber-resilient systems. The ToN_IoT dataset was used to evaluate the efficacy of the suggested framework. As a baseline intrusion detection system, the extreme learning machines (ELM) model was implemented and compared with other models. Experiments show the effectiveness of ensemble learning to improve the results.

computer science, information systems,telecommunications,engineering, electrical & electronic

Vegard Berge,Chunlei Li

2024-10-26

Abstract:Traditional intrusion detection systems (IDSs) often rely on either network traffic or process data, but this single-source approach may miss complex attack patterns that span multiple layers within industrial control systems (ICSs) or persistent threats that target different layers of operational technology systems. This study investigates whether combining both network and process data can improve attack detection in ICSs environments. Leveraging the SWaT dataset, we evaluate various machine learning models on individual and combined data sources. Our findings suggest that integrating network traffic with operational process data can enhance detection capabilities, evidenced by improved recall rates for cyber attack classification. Serving as a proof-of-concept within a limited testing environment, this research explores the feasibility of advancing intrusion detection through a multi-source data approach in ICSs. Although the results are promising, they are preliminary and highlight the need for further studies across diverse datasets and refined methodologies.

Cryptography and Security

Yongle Chen,Sida Su,Dan Yu,Hao He,Xiaojian Wang,Yao Ma,Hao Guo

DOI: https://doi.org/10.1109/jiot.2022.3201888

IF: 10.6

2022-12-24

IEEE Internet of Things Journal

Abstract:Constrained by the high acquisition and labeling cost, traffic data in industrial control systems (ICSs) are usually extremely imbalanced. Deep-learning-based (DL) industrial control intrusion detection systems (IDSs) are not applicable to dynamic networks and show a limited detection performance. In this article, we enhanced the information transmission link in adversarial domain adaptation (DA) and proposed an information-enhanced adversarial DA (IADA) method. Our method could train a cross-domain industrial intrusion detection deep model with imbalanced data and maintained high detection accuracy. The experimental results based on SCADA network layer data showed that the detection accuracy of the gated recurrent unit model trained in IADA reached 93.7% and 91.3% in the two transfer tasks with a significant cross-domain discrepancy.

computer science, information systems,telecommunications,engineering, electrical & electronic

Ali Alzahrani,Theyazn H. H. Aldhyani

DOI: https://doi.org/10.3390/su15108076

IF: 3.9

2023-05-17

Sustainability

Abstract:Online food security and industrial environments and sustainability-related industries are highly confidential and in urgent need for network traffic analysis to attain proper security information to avoid attacks from anywhere in the world. The integration of cutting-edge technology such as the Internet of things (IoT) has resulted in a gradual increase in the number of vulnerabilities that may be exploited in supervisory control and data acquisition (SCADA) systems. In this research, we present a network intrusion detection system for SCADA networks that is based on deep learning. The goal of this system is to defend ICSs against network-based assaults that are both conventional and SCADA-specific. An empirical evaluation of a number of classification techniques including k-nearest neighbors (KNN), linear discriminant analysis (LDA), random forest (RF), convolution neural network (CNN), and integrated gated recurrent unit (GRU) is reported in this paper. The suggested algorithms were tested on a genuine industrial control system (SCADA), which was known as the WUSTL-IIoT-2018 and WUSTL-IIoT-20121 datasets. SCADA system operators are now able to augment proposed machine learning and deep learning models with site-specific network attack traces as a result of our invention of a re-training method to handle previously unforeseen instances of network attacks. The empirical results, using realistic SCADA traffic datasets, show that the proposed machine learning and deep-learning-based approach is well-suited for network intrusion detection in SCADA systems, achieving high detection accuracy and providing the capability to handle newly emerging threats. The accuracy performance attained by the KNN and RF algorithms was superior and achieved a near-perfect score of 99.99%, whereas the CNN-GRU model scored an accuracy of 99.98% using WUSTL-IIoT-2018. The Rf and GRU algorithms achieved >99.75% using the WUSTL-IIoT-20121 dataset. In addition, a statistical analysis method was developed in order to anticipate the error that exists between the target values and the prediction values. According to the findings of the statistical analysis, the KNN, RF, and CNN-GRU approaches were successful in achieving an R2 > 99%. This was demonstrated by the fact that the approach was able to handle previously unknown threats in the industrial control systems (ICSs) environment.

environmental sciences,environmental studies,green & sustainable science & technology

Ding, Yong

DOI: https://doi.org/10.1007/s12083-023-01586-7

IF: 3.488

2024-01-10

Peer-to-Peer Networking and Applications

Abstract:With the advent of Industry 4.0, industrial control systems (ICS) are more and more closely connected with the Internet, leading to a rapid increase in the types and quantities of security threats that arise from ICS. Anomaly detection is an effective defense measure against attacks. At present, it is the main trend to use hybrid deep learning methods to realize ICS anomaly detection. However, we found that many ICS anomaly detection methods based on hybrid deep learning adopt phased learning, in which each phase is optimized separately with optimization goals deviating from the overall goal. In view of this issue, we propose an end-to-end anomaly detection method SAKMR based on hybrid deep learning. Our method uses radial basis function network (RBFN) to realize K-means clustering, and combines it with stacked auto-encoder (SAE), which is conducive to defining reconstruction error and clustering error into an objective function to ensure joint optimization of feature extraction and classification. Experiments were conducted on the commonly used KDDCUP99 and SWAT datasets. The results show that SAKMR is effective in detecting abnormal industrial control data and outperforms the baseline methods on multiple performance indicators such as F1-Measure.

computer science, information systems,telecommunications

Mingshu He,Xiaojuan Wang,Peng Wei,Liu Yang,Yinglei Teng,Renjian Lyu

DOI: https://doi.org/10.1109/tnsm.2024.3352586

2024-01-01

IEEE Transactions on Network and Service Management

Abstract:Anomaly detection plays an essential role in network security and traffic classification. Many studies have focused on anomaly detection to improve network security, including machine learning and deep learning methods. These methods often require numerous samples and must obtain the results by classifying the entire data set, thereby limiting their inflexibility. Although transfer and multitask learning have achieved some results in the model’s transferability, these methods must manually label or reprocess the test set. These problems limit the application of previous methods in network security management. To solve these problems, we propose a transferable and adaptable network intrusion detection system (TA-NIDS) based on deep reinforcement learning. The interaction process between the agent and the environment varies every time. A small-scale data set can be used to produce many interactive processes. Therefore, robustness is guaranteed when there are few samples. Then, a reasonable reward function allows the agent to learn how to first choose outliers without classifying the entire data set. This makes the TA-NIDS more adaptable to the scene when we prioritize apparent outliers. More importantly, the original features are transformed into the state of the environment, so no requirement exists for the feature dimension. Furthermore, the general rather than the specific state of one data set makes the model transferable to other data sets. The experimental results for IDS2017, IDS2018, NSL-KDD, UNSW-NB15 and CIC-IoT2023 show that the proposed framework maintains good accuracy when prioritizing outliers and transferability are prioritized simultaneously.

computer science, information systems

S. Nagarajan,S. Kayalvizhi,R. Subhashini,V. Anitha

DOI: https://doi.org/10.1016/j.cie.2023.109166

2023-04-23

Abstract:The security analysis has become the hotspot concern in Industrial Control Systems (ICSs) that grabs the research attention in today's era. Owing to the rapid admittance of the Industrial Internet of Things (IIoT), the superimposition of fog and cloud computing plays a pivotal role for rectifying such issues as fewer computation resources and more latency in the network. In addition to this, security issue comes first while developing the ICS in the sector of IIoT. In general, ICS is applied for various processes, such as electric utilization and water supply management, that are related to every individual's life. Though it is interlinked with the Internet, it can easily expose to different threats. To defend the model, Intrusion Detection Systems (IDS) are employed. In signature-based detection, anomaly detection is used to find out the unknown attacks in the network. Yet, the ICS is structured with many software and hardware tools. It also seems in the openness nature of the industrial environment that, it becomes vulnerable to various attacks. Hence, detecting unknown attacks is a complex task in the openness nature of the industrial environment. It causes failure to protect such systems from malicious entities that could result in more complications for humans. Hence, the detection of malicious activities is essential. In order to provide an efficient model, a new hybrid deep learning is proposed in ICS. Initially, the original data is to be collected based on the ICS industry. Secondly, the gathered data is preprocessed to clean the artifacts and clean the data. Thirdly, the optimal features are chosen directly from the gathered data with the help of a hybrid algorithm called the Hybrid Honey Badger-World Cup Algorithm (HHB-WCA). The chosen optimal features are fed to the hybrid deep learning termed as Autoencoder-Bi-directional Long Short-Term Memory (A-Bi-LSTM), where the encoded features from Autoencoder are extracted and encoded features are subjected to the Bi-LSTM classifier. Finally, the simulation outcome has shown that the developed method is compared with the other traditional algorithms to detect the unknown classes in the network.

computer science, interdisciplinary applications,engineering, industrial