Multi-step attack detection in industrial networks using a hybrid deep learning architecture

Muhammad Hassan Jamal; Muazzam A Khan; Safi Ullah; Mohammed S. Alshehri; Sultan Almakdi; Umer Rashid; Abdulwahab Alazeb; Jawad Ahmad; Muhammad Hassan Jamal; Muazzam A Khan; Safi Ullah; Mohammed S. Alshehri; Sultan Almakdi; Umer Rashid; Abdulwahab Alazeb; Jawad Ahmad

doi:10.3934/mbe.2023615

Mathematical Biosciences and Engineering

2023, Volume 20, Issue 8: 13824-13848. doi: 10.3934/mbe.2023615

Previous Article Next Article

Research article Special Issues

Multi-step attack detection in industrial networks using a hybrid deep learning architecture

1.
Department of Computer Sciences, Quaid-i-Azam University, Islamabad 45320, Pakistan
2.
ICESCO Chair Big Data Analytics and Edge Computing, Quaid-i-Azam University, Islamabad 45320, Pakistan
3.
Department of Computer Science, College of Computer Science and Information Systems, Najran University, Najran 61441, Saudi Arabia
4.
School of Computing, Engineering and the Built Environment, Edinburgh Napier University, EH10 5DT, Edinburgh, UK

Academic Editor: Giuseppe Ciaburro

Received: 08 April 2023 Revised: 20 May 2023 Accepted: 29 May 2023 Published: 16 June 2023

In recent years, the industrial network has seen a number of high-impact attacks. To counter these threats, several security systems have been implemented to detect attacks on industrial networks. However, these systems solely address issues once they have already transpired and do not proactively prevent them from occurring in the first place. The identification of malicious attacks is crucial for industrial networks, as these attacks can lead to system malfunctions, network disruptions, data corruption, and the theft of sensitive information. To ensure the effectiveness of detection in industrial networks, which necessitate continuous operation and undergo changes over time, intrusion detection algorithms should possess the capability to automatically adapt to these changes. Several researchers have focused on the automatic detection of these attacks, in which deep learning (DL) and machine learning algorithms play a prominent role. This study proposes a hybrid model that combines two DL algorithms, namely convolutional neural networks (CNN) and deep belief networks (DBN), for intrusion detection in industrial networks. To evaluate the effectiveness of the proposed model, we utilized the Multi-Step Cyber Attack (MSCAD) dataset and employed various evaluation metrics.
- deep learning,
- intrusion detection,
- industrial networks,
- multi-step attacks,
- convolutional neural networks
Citation: Muhammad Hassan Jamal, Muazzam A Khan, Safi Ullah, Mohammed S. Alshehri, Sultan Almakdi, Umer Rashid, Abdulwahab Alazeb, Jawad Ahmad. Multi-step attack detection in industrial networks using a hybrid deep learning architecture[J]. Mathematical Biosciences and Engineering, 2023, 20(8): 13824-13848. doi: 10.3934/mbe.2023615

Related Papers:

Abstract

In recent years, the industrial network has seen a number of high-impact attacks. To counter these threats, several security systems have been implemented to detect attacks on industrial networks. However, these systems solely address issues once they have already transpired and do not proactively prevent them from occurring in the first place. The identification of malicious attacks is crucial for industrial networks, as these attacks can lead to system malfunctions, network disruptions, data corruption, and the theft of sensitive information. To ensure the effectiveness of detection in industrial networks, which necessitate continuous operation and undergo changes over time, intrusion detection algorithms should possess the capability to automatically adapt to these changes. Several researchers have focused on the automatic detection of these attacks, in which deep learning (DL) and machine learning algorithms play a prominent role. This study proposes a hybrid model that combines two DL algorithms, namely convolutional neural networks (CNN) and deep belief networks (DBN), for intrusion detection in industrial networks. To evaluate the effectiveness of the proposed model, we utilized the Multi-Step Cyber Attack (MSCAD) dataset and employed various evaluation metrics.

References

[1]	R. M. Balajee, M. K. J. Kannan, Intrusion detection on AWS cloud through hybrid deep learning algorithm, Electronics, 12 (2023), 1423. https://doi.org/10.3390/electronics12061423 doi: 10.3390/electronics12061423
[2]	M. J. Kaur, V. P. Mishra, P. Maheshwari, The convergence of digital twin, IoT, and machine learning: transforming data into action, in Digital Twin Technologies and Smart Cities, Springer, (2020), 3–17. https://link.springer.com/chapter/10.1007/978-3-030-18732-3_1
[3]	O. Abualghanam, H. Alazzam, B. Elshqeirat, M. Qatawneh, M. A. Almaiah, Real-time detection system for data exfiltration over DNS tunneling using machine learning, Electronics, 12 (2020), 1467. https://doi.org/10.3390/electronics12061467 doi: 10.3390/electronics12061467
[4]	B. Axelsson, G. Easton, Industrial Networks (Routledge Revivals): A New View of Reality, Routledge, 1992.
[5]	P. C. Smith, L. Hellman, Small Group Analysis in Industrial Networks, Routledge, 1992.
[6]	H. Pourrahmani, A. Yavarinasab, R. Zahedi, A. Gharehghani, M. H. Mohammadi, P. Bastani, et al., The applications of Internet of Things in the automotive industry: a review of the batteries, fuel cells, and engines, Internet Things, 19 (2022), 100579. https://doi.org/10.1016/j.iot.2022.100579 doi: 10.1016/j.iot.2022.100579
[7]	Y. Yang, K. McLaughlin, T. Littler, S. Sezer, H. F. Wang, Rule-based intrusion detection system for SCADA networks, in 2nd IET Renewable Power Generation Conference, 2013. https://doi.org/10.1049/cp.2013.1729
[8]	M. Baezner, P. Robin, Stuxnet, Report, Center for Security Studies (CSS), ETH Zürich, 2017. Available from: https://www.research-collection.ethz.ch/handle/20.500.11850/184547.
[9]	Zagaris, Bruce, Boggess, Kenneth, Cybercrime, HeinOnline, 2021. Available from: https://heinonline.org/HOL/LandingPage?handle = hein.journals/ielr37 & div = 152.
[10]	E. D. Knapp, J. T. Langill, Industrial Network Security: Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems, Elsevier, 2015.
[11]	S. Hong, C. Lv, T. Zhao, B. Wang, J. Wang, J. Zhu, Cascading failure analysis and restoration strategy in an interdependent network, J. Phys. A: Math. Theor., 49 (2016), 195101. https://doi.org/10.1088/1751-8113/49/19/195101 doi: 10.1088/1751-8113/49/19/195101
[12]	A. Kwasinski, W. Weaver, P. L. Chapman, P. T. Krein, Telecommunications power plant damage assessment for hurricane Katrina–site survey and follow-up results, IEEE Syst. J., 3 (2009), 277–287. https://doi.org/10.1109/JSYST.2009.2026783 doi: 10.1109/JSYST.2009.2026783
[13]	R. M. Lee, M. J. Assante, T. Conway, Analysis of the cyber attack on the Ukrainian power grid, Electr. Inf. Sharing Anal. Cent., 388 (2016), 1–29.
[14]	J. Angséus, R. Ekbom, Network-Based Intrusion Detection Systems for Industrial Control Systems, Master's thesis, University of Gothenburg, Gothenburg, 2017.
[15]	H. Y. Kwon, T. Kim, M. K. Lee, Advanced intrusion detection combining signature-based and behavior-based detection methods, Electronics, 11 (2022), 867. https://doi.org/10.3390/electronics11060867 doi: 10.3390/electronics11060867
[16]	Y. Jia, M. Wang, Y. Wang, Network intrusion detection algorithm based on deep neural network, IET Inf. Secur., 13 (2019), 48–53. https://doi.org/10.1049/iet-ifs.2018.5258 doi: 10.1049/iet-ifs.2018.5258
[17]	F. Rustam, M. F. Mushtaq, A. Hamza, M. S. Farooq, A. D. Jurcut, I. Ashraf, Denial of service attack classification using machine learning with multi-features, Electronice, 11 (2022), 3817. https://doi.org/10.3390/electronics11223817 doi: 10.3390/electronics11223817
[18]	N. Naz, M. A. Khan, S. A. Alsuhibany, M. Diyan, Z. Tan, M. Almas Khan, et al., Ensemble learning-based IDS for sensors telemetry data in IoT networks, Math. Biosci. Eng., 19 (2022), 10550–10580. https://doi.org/10.3934/mbe.2022493 doi: 10.3934/mbe.2022493
[19]	S. Agrawal, S. Sarkar, O. Aouedi, G. Yenduri, K. Piamrat, S. Bhattacharya, et al., Federated learning for intrusion detection system: Concepts, challenges and future directions, arXiv preprint, (2022), arXiv: 2106.09527. https://doi.org/10.48550/arXiv.2106.09527
[20]	M. Almseidin, M. Alkasassbeh, An accurate detection approach for IoT botnet attack using interpolation reasoning method, Information, 13 (2022), 300. https://doi.org/10.3390/info13060300 doi: 10.3390/info13060300
[21]	F. Zhai, T. Yang, H. Chen, B. He, S. Li, Intrusion detection method based on CNN–GRU–FL in a smart grid environment, Electronics, 12 (2023), 1164. https://doi.org/10.3390/electronics12051164 doi: 10.3390/electronics12051164
[22]	M. Cheminod, L. Durante, A. Valenzano, Review of security issues in industrial networks, IEEE Trans. Ind. Inf., 9 (2013), 277–293. https://doi.org/10.1109/TII.2012.2198666 doi: 10.1109/TII.2012.2198666
[23]	S. Hong, J. Zhu, L. A. Braunstein, T. Zhao, Q. You, Cascading failure and recovery of spatially interdependent networks, J. Stat. Mech: Theory Exp., 2017 (2017). https://doi.org/10.1088/1742-5468/aa8c36
[24]	I. Butun, M. Almgren, V. Gulisano, M. Papatriantafilou, Intrusion detection in industrial networks via data streaming, in Industrial IoT, Springer, (2020), 213–238. https://doi.org/10.1007/978-3-030-42500-5_6
[25]	L. Zang, D. Ma, A hybrid approach toward efficient and accurate intrusion detection for in-vehicle networks, IEEE Access, 10 (2022), 10852–10866. https://doi.org/10.1109/ACCESS.2022.3145007 doi: 10.1109/ACCESS.2022.3145007
[26]	R. Vinayakumar, M. Alazab, K. P. Soman, P. Poornachandran, A. Al-Nemrat, S. Venkatraman, Deep learning approach for intelligent intrusion detection system, IEEE Access, 7 (2019), 41525–41550. https://doi.org/10.1109/ACCESS.2019.2895334 doi: 10.1109/ACCESS.2019.2895334
[27]	G. M. D. Teyou, J. Ziazet, Convolutional neural network for intrusion detection system in cyber-physical systems, arXiv preprint, (2019), arXiv: 1905.03168. https://doi.org/10.48550/arXiv.1905.03168
[28]	X. Wang, S. Yin, H. Li, J. Wang, L. Teng, A network intrusion detection method based on deep multi-scale convolutional neural network, Int. J. Wireless Inf. Networks, 27 (2020), 503–517. https://doi.org/10.1007/s10776-020-00495-3 doi: 10.1007/s10776-020-00495-3
[29]	S. Ullah, J. Ahmad, M. A. Khan, E. H. Alkhammash, M. Hadjouni, Y. Y. Ghadi, et al., A new intrusion detection system for the Internet of Things via deep convolutional neural network and feature engineering, Sensors, 22 (2022), 3607. https://doi.org/10.3390/s22103607 doi: 10.3390/s22103607
[30]	S. Hong, T. Yue, H. Liu, Vehicle energy system active defense: a health assessment of lithium-ion batteries, Int. J. Intell. Syst., 37 (2022), 10081–10099. https://doi.org/10.1002/int.22309 doi: 10.1002/int.22309
[31]	M. Cheminod, L. Durante, A. Valenzano, Review of security issues in industrial networks, IEEE Trans. Ind. Inf., 9 (2012), 277–293. https://doi.org/10.1109/TII.2012.2198666 doi: 10.1109/TII.2012.2198666
[32]	S. D. D. Anton, S. Sinha, H. D. Schotten, Anomaly-based intrusion detection in industrial data with SVM and random forests, arXiv preprint, (2019), arXiv: 1907.10374. https://doi.org/10.48550/arXiv.1907.10374
[33]	Z. Wang, Z. Li, D. He, S. Chan, A lightweight approach for network intrusion detection in industrial cyber-physical systems based on knowledge distillation and deep metric learning, Expert Syst. Appl., 206, (2022), 117671. https://doi.org/10.1016/j.eswa.2022.117671
[34]	S. Potluri, S. Ahmed, C. Diedrich, Securing industrial control systems from false data injection attacks with convolutional neural networks, in Development and Analysis of Deep Learning Architectures, Springer, (2020), 197–222. https://doi.org/10.1007/978-3-030-31764-5_8
[35]	S. Potluri, S. Ahmed, C. Diedrich, Convolutional neural networks for multi-class intrusion detection system, in Mining Intelligence and Knowledge Exploration, Springer, (2018), 225–238. https://doi.org/10.1007/978-3-030-05918-7_20
[36]	Y. Zhu, Y. Zi, J. Xu, Transfer learning-based SAE-CNN for industrial data processing in multiple working conditions recognition, in 2022 IEEE International Conference on Prognostics and Health Management (ICPHM), (2022), 167–172. https://doi.org/10.1109/ICPHM53196.2022.9815720
[37]	T. Cruz, L. Rosa, J. Proença, L. Maglaras, M. Aubigny, L. Lev, et al., A cybersecurity detection framework for supervisory control and data acquisition systems, IEEE Trans. Ind. Inf., 12 (2016), 2236–2246. https://doi.org/10.1109/TII.2016.2599841\newpage doi: 10.1109/TII.2016.2599841
[38]	S. Huda, J. Yearwood, M. M. Hassan, A. Almogren, Securing the operations in SCADA-IoT platform based industrial control system using ensemble of deep belief networks, Appl. Soft Comput., 71 (2018), 66–77. https://doi.org/ 10.1016/j.asoc.2018.06.017 doi: 10.1016/j.asoc.2018.06.017
[39]	J. Jiao, X. J. Zheng, Fault diagnosis method for industrial robots based on DBN joint information fusion technology, Comput. Intell. Neurosci., 2022 (2022). https://doi.org/10.1155/2022/4340817
[40]	K. Lu, G. Zeng, X. Luo, J. Weng, W. Luo, Y. Wu, Evolutionary deep belief network for cyber-attack detection in industrial automation and control system, IEEE Trans. Ind. Inf., 17 (2021), 7618–7627. https://doi.org/10.1109/TII.2021.3053304 doi: 10.1109/TII.2021.3053304
[41]	A. A. Suzen, Developing a multi-level intrusion detection system using hybrid-DBN, J. Ambient Intell. Hum. Comput., 12 (2021), 1913–1923. https://doi.org/10.1007/s12652-020-02271-w doi: 10.1007/s12652-020-02271-w
[42]	S. Zhang, J. Lai, Q. Yao, Traffic anomaly detection model of electric power industrial control based on DBN-LSTM, in 2021 IEEE 23rd Int Conf on High Performance Computing, Communications; 7th Int Conf on Data Science, Systems; 19th Int Conf on Smart City; 7th Int Conf on Dependability in Sensor, Cloud, Big Data Systems, Application, (2021), 1902–1907. https://doi.org/10.1109/HPCC-DSS-SmartCity-DependSys53884.2021.00284
[43]	G. Meena, R. R. Choudhary, A review paper on IDS classification using KDD 99 and NSL KDD dataset in WEKA, in 2017 International Conference on Computer, Communications and Electronics (Comptelix), (2017), 553–558. https://doi.org/10.1109/COMPTELIX.2017.8004032
[44]	L. Whaley, The critical institutional analysis and development (CIAD) framework, Int. J. Commons, 12 (2018). https://doi.org/10.18352/ijc.848
[45]	P. Foremski, C. Callegari, M. Pagano, Waterfall: Rapid identification of IP flows using cascade classification, in Computer Networks, (2014), 14–23. https://doi.org/10.1007/978-3-319-07941-7_2
[46]	R. Zuech, T. Khoshgoftaar, N. Seliya, M. M. Najafabadi, C. Kemp, A new intrusion detection benchmarking system, in Proceedings of the Twenty-Eighth International Florida Artificial Intelligence Research Society Conference, 2015.
[47]	K. M. A. Alheeti, A. Alzahrani, O. H. Jasim, D. Al-Dosary, H. M. Ahmed, M. S. Al-Ani, Intelligent detection system for multi-step cyber-attack based on machine learning, in 2023 15th International Conference on Developments in eSystems Engineering (DeSE), (2023), 510–514. https://doi.org/10.1109/DeSE58274.2023.10100226
[48]	M. Almseidin, J. Al-Sawwa, M. Alkasassbeh, Generating a benchmark cyber multi-step attacks dataset for intrusion detection, J. Intell. Fuzzy Syst., 43 (2022), 3679–3694. https://doi.org/10.3233/JIFS-213247 doi: 10.3233/JIFS-213247
[49]	S. Suthaharan, T. Panchagnula, Relevance feature selection with data cleaning for intrusion detection system, in 2012 Proceedings of IEEE Southeastcon, (2012), 1–6. https://doi.org/10.1109/SECon.2012.6196965
[50]	M. Bahrololum, E. Salahi, M. Khaleghi, Machine learning techniques for feature reduction in intrusion detection systems: A comparison, in 2009 Fourth International Conference on Computer Sciences and Convergence Information Technology, (2009), 1091–1095. https://doi.org/10.1109/ICCIT.2009.89
[51]	J. W. Osborne, Best Practices in Data Cleaning: A Complete Guide to Everything You Need to Do Before and After Collecting Your Data, SAGE Publications, 2013. https://doi.org/10.4135/9781452269948
[52]	W. McKinney, Pandas: A foundational Python library for data analysis and statistics, Python High Perform. Sci. Comput., 14 (2011), 1–9.
[53]	K. Farhana, M. Rahman, M. T. Ahmed, An intrusion detection system for packet and flow-based networks using a deep neural network approach, Int. J. Electr. Comput. Eng., 10 (2020), 5514–5525. https://doi.org/10.11591/ijece.v10i5.pp5514-5525 doi: 10.11591/ijece.v10i5.pp5514-5525
[54]	D. T. Dantas, H. Li, T. Charton, L. Chen, R. Zhang, Machine learning based anomaly-based intrusion detection system in a full digital substation, in 15th International Conference on Developments in Power System Protection, 2020. https://doi.org/10.1049/cp.2020.0049
[55]	W. Wang, X. Zhang, S. Gombault, S. J. Knapskog, Attribute normalization in network intrusion detection, in 2009 10th International Symposium on Pervasive Systems, Algorithms, and Networks, (2009), 448–453. https://doi.org/10.1109/I-SPAN.2009.49
[56]	A. Tesfahun, D. L. Bhaskari, Intrusion detection using random forests classifier with SMOTE and feature reduction, in 2013 International Conference on Cloud & Ubiquitous Computing & Emerging Technologies, (2013), 127–132. https://doi.org/10.1109/CUBE.2013.31
[57]	B. Yan, G. Han, M. Sun, S. Ye, A novel region adaptive SMOTE algorithm for intrusion detection on imbalanced problem, in 2017 3rd IEEE International Conference on Computer and Communications (ICCC), (2017), 1281–1286. https://doi.org/10.1109/CompComm.2017.8322749
[58]	J. Han, W. Pak, High performance network intrusion detection system using two-stage LSTM and incremental created hybrid features, Electronics, 12 (2023), 956. https://doi.org/10.3390/electronics12040956 doi: 10.3390/electronics12040956
[59]	J. Kim, J. Kim, H. Kim, M. Shim, E. Choi, CNN-based network intrusion detection against denial-of-service attacks, Electronics, 9 (2020), 916. https://doi.org/10.3390/electronics9060916 doi: 10.3390/electronics9060916
[60]	M. Azizjon, A. Jumabek, W. Kim, 1D CNN-based network intrusion detection with normalization on imbalanced data, in 2020 International Conference on Artificial Intelligence in Information and Communication (ICAIIC), (2020), 218–224. https://doi.org/10.1109/ICAIIC48513.2020.9064976
[61]	S. Albawi, T. A. Mohammed, S. Al-Zawi, Understanding of a convolutional neural network, in 2017 International Conference on Engineering and Technology (ICET), (2017), 1–6. https://doi.org/10.1109/ICEngTechnol.2017.8308186
[62]	Q. Zhang, M. Zhang, T. Chen, Z. Sun, Y. Ma, B. Yu, Recent advances in convolutional neural network acceleration, arXiv preprint, (2019), arXiv: 1807.08596. https://doi.org/10.48550/arXiv.1807.08596
[63]	R. Vinayakumar, K. P. Soman, P. Poornachandran, Applying convolutional neural network for network intrusion detection, in 2017 International Conference on Advances in Computing, Communications and Informatics (ICACCI), (2017), 1222–1228. https://doi.org/10.1109/ICACCI.2017.8126009
[64]	P. Liu, An intrusion detection system based on convolutional neural network, in Proceedings of the 2019 11th International Conference on Computer and Automation Engineering, (2019), 62–67. https://doi.org/10.1145/3313991.3314009
[65]	N. Gupta, P. Bedi, V. Jindal, Effect of activation functions on the performance of deep learning algorithms for network intrusion detection systems, in Proceedings of ICETIT 2019, Springer, (2020), 949–960. https://doi.org/10.1007/978-3-030-30577-2_84
[66]	H. Jia, J. Liu, M. Zhang, X. He, W. Sun, Network intrusion detection based on IE-DBN model, Comput. Commun., 178 (2021), 131–140. https://doi.org/10.1016/j.comcom.2021.07.016 doi: 10.1016/j.comcom.2021.07.016
[67]	S. Ullah, M. A. Khan, J. Ahmad, S. S. Jamal, Z. Huma, M. T. Hassan, et al., HDL-IDS: a hybrid deep learning architecture for intrusion detection in the Internet of Vehicles, Sensors, 22 (2022), 1340. https://doi.org/10.3390/s22041340 doi: 10.3390/s22041340

Reader Comments

Your name:*

Email:*
© 2023 the Author(s), licensee AIMS Press. This is an open access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/4.0)