Jia Huang,Zhen Chen,Sheng-Zheng Liu,Hao Zhang,Hai-Xia Long

DOI: https://doi.org/10.3390/s24124002

IF: 3.9

2024-06-20

Sensors

Abstract:The security of the Industrial Internet of Things (IIoT) is of vital importance, and the Network Intrusion Detection System (NIDS) plays an indispensable role in this. Although there is an increasing number of studies on the use of deep learning technology to achieve network intrusion detection, the limited local data of the device may lead to poor model performance because deep learning requires large-scale datasets for training. Some solutions propose to centralize the local datasets of devices for deep learning training, but this may involve user privacy issues. To address these challenges, this study proposes a novel federated learning (FL)-based approach aimed at improving the accuracy of network intrusion detection while ensuring data privacy protection. This research combines convolutional neural networks with attention mechanisms to develop a new deep learning intrusion detection model specifically designed for the IIoT. Additionally, variational autoencoders are incorporated to enhance data privacy protection. Furthermore, an FL framework enables multiple IIoT clients to jointly train a shared intrusion detection model without sharing their raw data. This strategy significantly improves the model's detection capability while effectively addressing data privacy and security issues. To validate the effectiveness of the proposed method, a series of experiments were conducted on a real-world Internet of Things (IoT) network intrusion dataset. The experimental results demonstrate that our model and FL approach significantly improve key performance metrics such as detection accuracy, precision, and false-positive rate (FPR) compared to traditional local training methods and existing models.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Ningxin He,Zehui Zhang,Xiaotian Wang,Tiegang Gao

DOI: https://doi.org/10.1155/2023/2956990

IF: 8.993

2023-01-01

International Journal of Intelligent Systems

Abstract:Intrusion detection systems play a very important role in industrial Internet network security. However, in the large-scale, complex, and heterogeneous industrial Internet of Things (IoT), it is becoming more and more difficult to defend network intrusion threats due to the insufficiency of high-quality attack samples. To solve the problem, an efficient federated network intrusion method called EFedID is proposed for industrial IoT, which can allow different industrial agents to collaboratively train a comprehensive detection model. Specifically, the adaptive gradient sparsification method is introduced to alleviate the communication and computation overheads. To protect the data privacy of the agents, a CKKS cryptosystem-based secure communication protocol is designed to encrypt the model parameters through the federated training process. Our proposed system demonstrates exceptional detection performance on the NSL-KDD, KDD CUP 99, and CICIDS 2017 datasets. Notably, on the NSL-KDD dataset, the model compression rate reaches 9 times while the model accuracy reaches 84.31%. On the KDD CUP 99 dataset, the model compression rate reaches 8.9 times while the model accuracy reaches 97.3%. Lastly, on the CICIDS 2017 dataset, the model compression rate reached 6.173 times while the model accuracy reached 95.51%. The experimental results demonstrate that the proposed method is very suitable for effectively developing a high-accuracy detection model while protecting the data information of industrial agents. Furthermore, the method can be extended to other recent deep learning networks for intrusion detection.

Jiyuan Shen,Wenzhuo Yang,Zhaowei Chu,Jiani Fan,Dusit Niyato,Kwok-Yan Lam

2024-01-22

Abstract:With the rapid development of low-cost consumer electronics and cloud computing, Internet-of-Things (IoT) devices are widely adopted for supporting next-generation distributed systems such as smart cities and industrial control systems. IoT devices are often susceptible to cyber attacks due to their open deployment environment and limited computing capabilities for stringent security controls. Hence, Intrusion Detection Systems (IDS) have emerged as one of the effective ways of securing IoT networks by monitoring and detecting abnormal activities. However, existing IDS approaches rely on centralized servers to generate behaviour profiles and detect anomalies, causing high response time and large operational costs due to communication overhead. Besides, sharing of behaviour data in an open and distributed IoT network environment may violate on-device privacy requirements. Additionally, various IoT devices tend to capture heterogeneous data, which complicates the training of behaviour models. In this paper, we introduce Federated Learning (FL) to collaboratively train a decentralized shared model of IDS, without exposing training data to others. Furthermore, we propose an effective method called Federated Learning Ensemble Knowledge Distillation (FLEKD) to mitigate the heterogeneity problems across various clients. FLEKD enables a more flexible aggregation method than conventional model fusion techniques. Experiment results on the public dataset CICIDS2019 demonstrate that the proposed approach outperforms local training and traditional FL in terms of both speed and performance and significantly improves the system's ability to detect unknown attacks. Finally, we evaluate our proposed framework's performance in three potential real-world scenarios and show FLEKD has a clear advantage in experimental results.

Cryptography and Security

Basharat Ahmad,Zhaoliang Wu,Yongfeng Huang,Sadaqat Ur Rehman

DOI: https://doi.org/10.1016/j.knosys.2024.112614

IF: 8.139

2024-10-21

Knowledge-Based Systems

Abstract:The Internet of Things (IoT) networks, which are defined by their interconnected devices and data streams are an expanding attack surface for cyber adversaries. Industrial Internet of Things (IIoT) is a subset of IoT and has significant importance in-terms of security. Robust intrusion detection systems (IDS) are essential for protecting these critical infrastructures. Our research suggests a novel approach to the detection of anomalies in IoT and IIoT networks that leverages the capabilities of deep transfer learning. Our methodology begins with the EdgeIIoT dataset, which serves as the basis for our data analysis. We convert the data into an appropriate image format to enable Convolutional Neural Network (CNN)-based processing. The hyper-parameters of individual machine learning models are subsequently optimized using a Random Search algorithm. This optimization phase optimizes the performance of each model by modifying the hyper-parameters that are unique to the learning algorithms. The performance of each model is meticulously assessed subsequent to hyper-parameter optimization. The top-performing models are subsequently, strategically selected and combined using the ensemble technique. The IDS scheme's overall detection accuracy and generalizability are improved by the integration of strengths from multiple models. The proposed scheme demonstrates significant effectiveness in identifying a broad spectrum of attacks, encompassing a total of 14 distinct attack types. This comprehensive detection capability contributes to a more secure and resilient IoT ecosystem. Furthermore, application of quantization to our best models reduces resource utilization significantly without compromising accuracy.

computer science, artificial intelligence

Akbar Telikani,Jun Shen,Jie Yang,Peng Wang

DOI: https://doi.org/10.1109/JIOT.2022.3188224

IF: 10.6

2022-01-01

IEEE Internet of Things Journal

Abstract:Cyber attacks and intrusions have become the major obstacles to the adoption of the Industrial Internet of Things (IIoT) in critical industries. Imbalanced data distribution is a common problem in IIoT environments that negatively influence machine learning-based intrusion detection systems (IDSs). To address this issue, we introduce EvolCostDeep, a hybrid model of stacked autoencoders (SAE) and convolutional neural networks (CNNs) with a new cost-dependent loss function. The loss function aims to optimize the model’s parameters, where the costs are determined using an evolutionary algorithm. The combination of evolutionary algorithms and deep learning (DL) on Big data hinders the scalability of IIoT IDSs. In this regard, a fog computing-enabled framework, called DeepIDSFog, is designed at the data level, where the master node shares the EvolCostDeep model with worker nodes. In each fog worker node, the EvolCostDeep is parallelized through one task-level and two model-level mechanisms. After aggregating detection outputs from worker nodes to the master, the result is passed to the cloud platform for mitigating attacks. A series of experiments is conducted on the ToN-IoT and UNSW-NB15 data sets to evaluate the performance of EvolCostDeep and DeepIDSFog. The results show that our frameworks can effectively handle both class imbalance problem and scalability of big IIoT traffic data compared with the other models. The averaged values of the EvolCostDeep for recall, precision, and <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$F1$ </tex-math></inline-formula> -score on the data sets are of 93.3%, 97.6%, and 95.2%, respectively, which are higher than the compared methods. Also, the DeepIDSFog provides an average speedup of <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$38.7\times $ </tex-math></inline-formula> over other comparing models.

Zhao Zhang,Yong Zhang,Hao Li,Shenbo Liu,Wei Chen,Zhigang Zhang,Lijun Tang

DOI: https://doi.org/10.1016/j.engappai.2024.108826

IF: 8

2024-01-01

Engineering Applications of Artificial Intelligence

Abstract:As a promising paradigm, Federated Learning (FL)-based distributed intrusion detection offers potent protection for the network security of Industrial Internet of Things (IIoT) systems. Nonetheless, the practical deployment of IIoT systems occurs in a highly-complex and dynamic distributed environment. The ever-growing and dynamically-evolving cyber attacks will render the FL-based intrusion detection model inefficient, since FL cannot gracefully learn from the dynamic traffic data streams to identify new attacks. To address this issue, we propose the evolutionary distributed intrusion detection system based on federated continual representation learning, designed to continually capture effective feature representations of emerging attacks from dynamic traffic data streams. Specifically, we develop the supervised contrastive loss and the global information-aware regularization loss to alleviate the catastrophic forgetting on the previously observed attacks and mitigate the data heterogeneity across clients. Besides, we propose the prototype variance-based memory update strategy to ensure the effective memory replay data. Extensive experimental results demonstrate our proposed method outperforms the state-of-the-art methods by 13.3%–31.5% in terms of average accuracy on a real energy intrusion detection dataset.

Heng Zhang,Yinchu Wang,Yawen Xue,Ruilong Deng,Hongran Li,Jian Zhang

DOI: https://doi.org/10.23919/ccc63176.2024.10662787

2024-01-01

Abstract:Industrial network control systems (INCSs) are easy to be targeted by attackers due to their high economic value. Most of the existing defense methods are deployed at the network boundary, which causes high-security risks to INCS once an attacker enters the system. In addition, many existing intrusion detection systems (IDSs) build detection models based on historical data. When INCS lacks sufficient historical data, it is difficult to build detection models with high accuracy. In this paper, we propose a trust assessment model for INCS based on Fourier series fitting employing concept of zero trust to assess the real-time trust of INCS. The model alerts when INCS has low trust. We test two data injection attacks in the experiment to prove the effectiveness of our approach.

Zhendong Wang,Xin Yang,Zhiyuan Zeng,Daojing He,Sammy Chan

DOI: https://doi.org/10.1007/s12083-024-01749-0

2024-01-01

Abstract:With the continual evolution of network technologies, the Internet of Things (IoT) has permeated various sectors of society. However, over the past decade, the annual discovery of cyberattacks has shown an exponential surge, inflicting severe damage to economic development. Aiming at the high false alarm rate, poor classification performance and overfitting problems in current intrusion detection systems, this paper proposes an efficient hierarchical intrusion detection model named ET-DCANET. Initially, the extreme random tree algorithm is employed for feature selection to meticulously curate the optimal feature subset. Subsequently, the dilated convolution and dual attention mechanism (including channel attention and spatial attention) are introduced, and a strategy of gradual transition from coarse-grained learning to fine-grained learning is proposed by gradually narrowing the expansion rate of cavity convolution, and the DCNN and dual attention modules are progressively refined to effectively utilize the synergy of DCNN and Attention to extract spatial and temporal features. This gradual transition from coarse-grained learning to fine-grained learning helps to better balance global and local information when dealing with complex data, and improves the performance and generalization ability of the model. To confront the class imbalance issue within the dataset, a novel loss function, EQLv2, is introduced as a substitute for the conventional cross-entropy (CE) loss. This innovation directs the model's focus toward minority class samples, ultimately enhancing the overall performance of the model. The proposed model shows excellent intrusion detection on the NSL-KDD, UNSW-NB15, and X-IIoTID datasets with accuracy rates of 99.68

Laisen Nie,Zhaolong Ning,Xiaojie Wang,Xiping Hu,Jun Cheng,Yongkang Li

DOI: https://doi.org/10.1109/tnse.2020.2990984

IF: 6.6

2020-01-01

IEEE Transactions on Network Science and Engineering

Abstract:As an industrial application of Internet of Things (IoT), Internet of Vehicles (IoV) is one of the most crucial techniques for Intelligent Transportation System (ITS), which is a basic element of smart cities. The primary issue for the deployment of ITS based on IoV is the security for both users and infrastructures. The Intrusion Detection System (IDS) is important for IoV users to keep them away from various attacks via the malware and ensure the security of users and infrastructures. In this paper, we design a data-driven IDS by analyzing the link load behaviors of the Road Side Unit (RSU) in the IoV against various attacks leading to the irregular fluctuations of traffic flows. A deep learning architecture based on the Convolutional Neural Network (CNN) is designed to extract the features of link loads, and detect the intrusion aiming at RSUs. The proposed architecture is composed of a traditional CNN and a fundamental error term in view of the convergence of the backpropagation algorithm. Meanwhile, a theoretical analysis of the convergence is provided by the probabilistic representation for the proposed CNN-based deep architecture. We finally evaluate the accuracy of our method by way of implementing it over the testbed.

Lochana Telugu Rajesh,Tapadhir Das,Raj Mani Shukla,Shamik Sengupta

DOI: https://doi.org/10.48550/arXiv.2310.07354

IF: 14.4

2023-10-11

Artificial Intelligence

Abstract:The rapid growth in Internet of Things (IoT) technology has become an integral part of today's industries forming the Industrial IoT (IIoT) initiative, where industries are leveraging IoT to improve communication and connectivity via emerging solutions like data analytics and cloud computing. Unfortunately, the rapid use of IoT has made it an attractive target for cybercriminals. Therefore, protecting these systems is of utmost importance. In this paper, we propose a federated transfer learning (FTL) approach to perform IIoT network intrusion detection. As part of the research, we also propose a combinational neural network as the centerpiece for performing FTL. The proposed technique splits IoT data between the client and server devices to generate corresponding models, and the weights of the client models are combined to update the server model. Results showcase high performance for the FTL setup between iterations on both the IIoT clients and the server. Additionally, the proposed FTL setup achieves better overall performance than contemporary machine learning algorithms at performing network intrusion detection.

Bing Hu,Yuanguo Bi,Mingjian Zhi,Kuan Zhang,Feihong Yan,Qian Zhang,Zheng Liu

DOI: https://doi.org/10.1109/tii.2021.3133300

IF: 12.3

2022-06-01

IEEE Transactions on Industrial Informatics

Abstract:The unprecedented development of intelligent manufacturing requires to customize and change the network traffic strategies frequently. With the advantages of highagility and programmability, software-defined networking can dynamically manage industrial networks, which makes it a promising networking technology for intelligent manufacturing. However, the software-defined industrial network architecture is vulnerable to network attacks, which may degrade manufacturing productivity, and even cause accidents. In this article, we propose a deep learning-based one-class intrusion detection scheme (DO-IDS) to improve the security of industrial networks. Firstly, DO-IDS periodically extracts the flow statistics of the industrial network traffic to generate network status features. Then, it utilizes a deep learning-based dimension reduction approach to filter redundant features. In addition, a deep learning-based one-class detector is designed to calculate the abnormal scores of the network status features. Finally, we conduct extensive simulations, which demonstrates that DO-IDS can detect abnormal traffic with enhanced accuracy and high efficiency.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Jin Cao,Liwei Lin,Ruhui Ma,Haibing Guan,Mengke Tian,Yong Wang

DOI: https://doi.org/10.1093/comjnl/bxac119

2022-01-01

Abstract:With the rapid development of the Internet of Things (IoT), network security challenges are becoming more and more complex, and the scale of intrusion attacks against the network is gradually increasing. Therefore, researchers have proposed Intrusion Detection Systems and constantly designed more effective systems to defend against attacks. One issue to consider is using limited computing power to process complex network data efficiently. In this paper, we take the AWID dataset as an example, propose an efficient data processing method to mitigate the interference caused by redundant data and design a lightweight deep learning-based model to analyze and predict the data category. Finally, we achieve an overall accuracy of 99.77% and an accuracy of 97.95% for attacks on the AWID dataset, with a detection rate of 99.98% for the injection attack. Our model has low computational overhead and a fast response time after training, ensuring the feasibility of applying to edge nodes with weak computational power in the IoT.

Shahriar Usman Khan,Fariha Eusufzai,Saifur Rahman Sabuj,Mahmoud Elsharief,Md Mamunur Rashid,Md. Azharuddin Redwan

DOI: https://doi.org/10.3390/network3010008

2023-01-30

Network

Abstract:The Internet of Things (IoT) is a network of electrical devices that are connected to the Internet wirelessly. This group of devices generates a large amount of data with information about users, which makes the whole system sensitive and prone to malicious attacks eventually. The rapidly growing IoT-connected devices under a centralized ML system could threaten data privacy. The popular centralized machine learning (ML)-assisted approaches are difficult to apply due to their requirement of enormous amounts of data in a central entity. Owing to the growing distribution of data over numerous networks of connected devices, decentralized ML solutions are needed. In this paper, we propose a Federated Learning (FL) method for detecting unwanted intrusions to guarantee the protection of IoT networks. This method ensures privacy and security by federated training of local IoT device data. Local IoT clients share only parameter updates with a central global server, which aggregates them and distributes an improved detection algorithm. After each round of FL training, each of the IoT clients receives an updated model from the global server and trains their local dataset, where IoT devices can keep their own privacy intact while optimizing the overall model. To evaluate the efficiency of the proposed method, we conducted exhaustive experiments on a new dataset named Edge-IIoTset. The performance evaluation demonstrates the reliability and effectiveness of the proposed intrusion detection model by achieving an accuracy (92.49%) close to that offered by the conventional centralized ML models’ accuracy (93.92%) using the FL method.

Tian Dong,Han Qiu,Jialiang Lu,Meikang Qiu,Chun Fan

DOI: https://doi.org/10.1109/ispa-bdcloud-socialcom-sustaincom52081.2021.00071

2021-01-01

Abstract:Network Intrusion Detection Systems (NIDSs) are extremely important in defending against emergent cyberattacks. However, current NIDSs for Internet-of-Things (IoT) devices have not taken actual device computation limitation into account, and are still based on resource-consuming neural networks. In this paper, we propose a simple but effective FL-based NIDS. Specifically, we leverage the characteristic of network traffic data (a kind of tabular data), i.e. slight value change does not affect inherent feature, and use data binning to extract feature data on clients. The feature data are then used for training the classifier on the server. We also use data masking to further enhance data protection. We evaluate our NIDS on the public DDoS attack classification benchmark, and the result shows that our NIDS can achieve comparable performance as locally trained NIDS while significantly reducing the communication cost.

Priyanka Verma,John G. Breslin,Donna O'Shea

DOI: https://doi.org/10.3390/s22228974

IF: 3.9

2022-11-19

Sensors

Abstract:The rapid development in manufacturing industries due to the introduction of IIoT devices has led to the emergence of Industry 4.0 which results in an industry with intelligence, increased efficiency and reduction in the cost of manufacturing. However, the introduction of IIoT devices opens up the door for a variety of cyber threats in smart industries. The detection of cyber threats against such extensive, complex, and heterogeneous smart manufacturing industries is very challenging due to the lack of sufficient attack traces. Therefore, in this work, a Federated Learning enabled Deep Intrusion Detection framework is proposed to detect cyber threats in smart manufacturing industries. The proposed FLDID framework allows multiple smart manufacturing industries to build a collaborative model to detect threats and overcome the limited attack example problem with individual industries. Moreover, to ensure the privacy of model gradients, Paillier-based encryption is used in communication between edge devices (representative of smart industries) and the server. The deep learning-based hybrid model, which consists of a Convolutional Neural Network, Long Short Term Memory, and Multi-Layer Perceptron is used in the intrusion detection model. An exhaustive set of experiments on the publically available dataset proves the effectiveness of the proposed framework for detecting cyber threats in smart industries over the state-of-the-art approaches.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Othmane Belarbi,Theodoros Spyridopoulos,Eirini Anthi,Ioannis Mavromatis,Pietro Carnelli,Aftab Khan

2023-08-05

Abstract:The vast increase of Internet of Things (IoT) technologies and the ever-evolving attack vectors have increased cyber-security risks dramatically. A common approach to implementing AI-based Intrusion Detection systems (IDSs) in distributed IoT systems is in a centralised manner. However, this approach may violate data privacy and prohibit IDS scalability. Therefore, intrusion detection solutions in IoT ecosystems need to move towards a decentralised direction. Federated Learning (FL) has attracted significant interest in recent years due to its ability to perform collaborative learning while preserving data confidentiality and locality. Nevertheless, most FL-based IDS for IoT systems are designed under unrealistic data distribution conditions. To that end, we design an experiment representative of the real world and evaluate the performance of an FL-based IDS. For our experiments, we rely on TON-IoT, a realistic IoT network traffic dataset, associating each IP address with a single FL client. Additionally, we explore pre-training and investigate various aggregation methods to mitigate the impact of data heterogeneity. Lastly, we benchmark our approach against a centralised solution. The comparison shows that the heterogeneous nature of the data has a considerable negative impact on the model's performance when trained in a distributed manner. However, in the case of a pre-trained initial global FL model, we demonstrate a performance improvement of over 20% (F1-score) compared to a randomly initiated global model.

Cryptography and Security,Machine Learning

Wenbin Yu,Yiyin Wang,Lei Song

DOI: https://doi.org/10.20944/preprints201912.0174.v1

2019-01-01

Abstract:Standard Ethernet (IEEE 802.3 and the TCP/IP protocol suite) is gradually applied in industrial control system (ICS) with the development of information technology. It breaks the natural isolation of ICS, but contains no security mechanism. A modified intrusion detection system (IDS), which is strongly correlated to specific industrial scenario, is necessary for modern ICS. On the one hand, this paper outlines attack models, including infiltration attacks and our creative forging attack. On the other hand, we proposes a hierarchical IDS, which contains a traffic prediction model and an anomaly detection model. The traffic prediction model, which is based on autoregressive integrated moving average (ARIMA), can forecast the traffic of ICS network in the short term and precisely detect the infiltration attacks according to abnormal changes in traffic pattern. The anomaly detection model using one-class support vector machine (OCSVM) is able to detect malicious control instructions by analyzing the key field in EtherNet/IP packets. The experimental results show that the hierarchical IDS has an outstanding performance in detecting infiltration attacks and forging attack compared with other two innovative IDSs.

Nanda, Ashok Kumar,Sankar, S.,Cheerla, Sreevardhan

DOI: https://doi.org/10.1007/s11277-023-10852-z

IF: 2.017

2024-02-05

Wireless Personal Communications

Abstract:Important information needs to be sent over the Internet safely. Real-time data is mixed with harmful information, lowering the quality of communication and the system's overall performance. A network intruder detection system is software that examines all incoming and outgoing network packets to detect malicious events. Federated learning (FL) is a way to put artificial intelligence at the cutting edge. It is a way to solve problems that is not centralized and lets people learn from significant amounts of data. Deep learning (DL) methods have often been used to find harmful data in host intrusion detection systems (HIDS) that look for unusual behavior. The FL architecture allows multiple users to train a global model while respecting the privacy of each user's data, making DL-based methods more useful. But there has yet to be a complete analysis of how well FL-based HIDSs protect against known privacy threats with the already in-place defenses. To solve this problem, we offer two privacy assessment measures for FL-based HIDSs, including a privacy score that rates how close the original and restored traffic attributes are. The CICIDS2017 dataset, which includes several attacks from the present day, was used to make the real-time model. In addition, an adaptive threshold-correlation algorithm (ATCA) is presented to enhance detection accuracy by dynamically adjusting threshold values according to traffic patterns and intrusion behaviors. The FL-HIDS framework was created and tested using a realistic network dataset. Experiment results show that the suggested technique outperforms existing intrusion detection systems regarding detection precision and scalability. The federated learning strategy effectively leverages the collective intelligence of network devices, enabling continuous learning and adaptation to emergent attack strategies. Furthermore, the adaptive threshold technique considerably reduces the rate of false positive and false negative detection, boosting the intrusion detection system's overall effectiveness. The proposed architecture solves previous centralized solutions' shortcomings by providing a scalable, privacy-preserving method for defending network environments against expanding invasion threats.

telecommunications

Joseph Bamidele Awotunde,Chinmay Chakraborty,Abidemi Emmanuel Adeniyi

DOI: https://doi.org/10.1155/2021/7154587

2021-09-02

Wireless Communications and Mobile Computing

Abstract:The Industrial Internet of Things (IIoT) is a recent research area that links digital equipment and services to physical systems. The IIoT has been used to generate large quantities of data from multiple sensors, and the device has encountered several issues. The IIoT has faced various forms of cyberattacks that jeopardize its capacity to supply organizations with seamless operations. Such risks result in financial and reputational damages for businesses, as well as the theft of sensitive information. Hence, several Network Intrusion Detection Systems (NIDSs) have been developed to fight and protect IIoT systems, but the collections of information that can be used in the development of an intelligent NIDS are a difficult task; thus, there are serious challenges in detecting existing and new attacks. Therefore, the study provides a deep learning-based intrusion detection paradigm for IIoT with hybrid rule-based feature selection to train and verify information captured from TCP/IP packets. The training process was implemented using a hybrid rule-based feature selection and deep feedforward neural network model. The proposed scheme was tested utilizing two well-known network datasets, NSL-KDD and UNSW-NB15. The suggested method beats other relevant methods in terms of accuracy, detection rate, and FPR by 99.0%, 99.0%, and 1.0%, respectively, for the NSL-KDD dataset, and 98.9%, 99.9%, and 1.1%, respectively, for the UNSW-NB15 dataset, according to the results of the performance comparison. Finally, simulation experiments using various evaluation metrics revealed that the suggested method is appropriate for IIOT intrusion network attack classification.

computer science, information systems,telecommunications,engineering, electrical & electronic

Hani Alshahrani,Attiya Khan,Muhammad Rizwan,Mana Saleh Al Reshan,Adel Sulaiman,Asadullah Shaikh

DOI: https://doi.org/10.3390/su15119001

IF: 3.9

2023-06-03

Sustainability

Abstract:The Industrial Internet of Things (IIoT) refers to the employment of the Internet of Things in industrial management, where a substantial number of machines and devices are linked and synchronized with the help of software programs and third platforms to improve the overall productivity. The acquisition of the industrial IoT provides benefits that range from automation and optimization to eliminating manual processes and improving overall efficiencies, but security remains to be forethought. The absence of reliable security mechanisms and the magnitude of security features are significant obstacles to enhancing IIoT security. Over the last few years, alarming attacks have been witnessed utilizing the vulnerabilities of the IIoT network devices. Moreover, the attackers can also sink deep into the network by using the relationships amidst the vulnerabilities. Such network security threats cause industries and businesses to suffer financial losses, reputational damage, and theft of important information. This paper proposes an SDN-based framework using machine learning techniques for intrusion detection in an industrial IoT environment. SDN is an approach that enables the network to be centrally and intelligently controlled through software applications. In our framework, the SDN controller employs a machine-learning algorithm to monitor the behavior of industrial IoT devices and networks by analyzing traffic flow data and ultimately determining the flow rules for SDN switches. We use SVM and Decision Tree classification models to analyze our framework's network intrusion and attack detection performance. The results indicate that the proposed framework can detect attacks in industrial IoT networks and devices with an accuracy of 99.7%.

environmental sciences,environmental studies,green & sustainable science & technology