Multi-step attack detection in industrial networks using a hybrid deep learning architecture

Muhammad Hassan Jamal; Muazzam A Khan; Safi Ullah; Mohammed S. Alshehri; Sultan Almakdi; Umer Rashid; Abdulwahab Alazeb; Jawad Ahmad; Muhammad Hassan Jamal; Muazzam A Khan; Safi Ullah; Mohammed S. Alshehri; Sultan Almakdi; Umer Rashid; Abdulwahab Alazeb; Jawad Ahmad

doi:10.3934/mbe.2023615

Mathematical Biosciences and Engineering

2023, Volume 20, Issue 8: 13824-13848. doi: 10.3934/mbe.2023615

Previous Article Next Article

Research article Special Issues

Multi-step attack detection in industrial networks using a hybrid deep learning architecture

1.
Department of Computer Sciences, Quaid-i-Azam University, Islamabad 45320, Pakistan
2.
ICESCO Chair Big Data Analytics and Edge Computing, Quaid-i-Azam University, Islamabad 45320, Pakistan
3.
Department of Computer Science, College of Computer Science and Information Systems, Najran University, Najran 61441, Saudi Arabia
4.
School of Computing, Engineering and the Built Environment, Edinburgh Napier University, EH10 5DT, Edinburgh, UK

Academic Editor: Giuseppe Ciaburro

Received: 08 April 2023 Revised: 20 May 2023 Accepted: 29 May 2023 Published: 16 June 2023

In recent years, the industrial network has seen a number of high-impact attacks. To counter these threats, several security systems have been implemented to detect attacks on industrial networks. However, these systems solely address issues once they have already transpired and do not proactively prevent them from occurring in the first place. The identification of malicious attacks is crucial for industrial networks, as these attacks can lead to system malfunctions, network disruptions, data corruption, and the theft of sensitive information. To ensure the effectiveness of detection in industrial networks, which necessitate continuous operation and undergo changes over time, intrusion detection algorithms should possess the capability to automatically adapt to these changes. Several researchers have focused on the automatic detection of these attacks, in which deep learning (DL) and machine learning algorithms play a prominent role. This study proposes a hybrid model that combines two DL algorithms, namely convolutional neural networks (CNN) and deep belief networks (DBN), for intrusion detection in industrial networks. To evaluate the effectiveness of the proposed model, we utilized the Multi-Step Cyber Attack (MSCAD) dataset and employed various evaluation metrics.

Keywords:

Citation: Muhammad Hassan Jamal, Muazzam A Khan, Safi Ullah, Mohammed S. Alshehri, Sultan Almakdi, Umer Rashid, Abdulwahab Alazeb, Jawad Ahmad. Multi-step attack detection in industrial networks using a hybrid deep learning architecture[J]. Mathematical Biosciences and Engineering, 2023, 20(8): 13824-13848. doi: 10.3934/mbe.2023615

Related Papers:

[1]	Fabrizio Clarelli, Roberto Natalini . A pressure model of immune response to mycobacterium tuberculosis infection in several space dimensions. Mathematical Biosciences and Engineering, 2010, 7(2): 277-300. doi: 10.3934/mbe.2010.7.277
[2]	Chang Gong, Jennifer J. Linderman, Denise Kirschner . A population model capturing dynamics of tuberculosis granulomas predicts host infection outcomes. Mathematical Biosciences and Engineering, 2015, 12(3): 625-642. doi: 10.3934/mbe.2015.12.625
[3]	Eduardo Ibargüen-Mondragón, Lourdes Esteva, Edith Mariela Burbano-Rosero . Mathematical model for the growth of Mycobacterium tuberculosis in the granuloma. Mathematical Biosciences and Engineering, 2018, 15(2): 407-428. doi: 10.3934/mbe.2018018
[4]	Gesham Magombedze, Winston Garira, Eddie Mwenje . Modelling the human immune response mechanisms to mycobacterium tuberculosis infection in the lungs. Mathematical Biosciences and Engineering, 2006, 3(4): 661-682. doi: 10.3934/mbe.2006.3.661
[5]	Eduardo Ibargüen-Mondragón, M. Victoria Otero-Espinar, Miller Cerón Gómez . A within-host model on the interaction dynamics between innate immune cells and Mycobacterium tuberculosis. Mathematical Biosciences and Engineering, 2025, 22(3): 511-527. doi: 10.3934/mbe.2025019
[6]	Eduardo Ibarguen-Mondragon, Lourdes Esteva, Leslie Chávez-Galán . A mathematical model for cellular immunology of tuberculosis. Mathematical Biosciences and Engineering, 2011, 8(4): 973-986. doi: 10.3934/mbe.2011.8.973
[7]	Xu Zhang, Dongdong Chen, Wenmin Yang, JianhongWu . Identifying candidate diagnostic markers for tuberculosis: A critical role of co-expression and pathway analysis. Mathematical Biosciences and Engineering, 2019, 16(2): 541-552. doi: 10.3934/mbe.2019026
[8]	Benjamin H. Singer, Denise E. Kirschner . Influence of backward bifurcation on interpretation of $R_0$ in a model of epidemic tuberculosis with reinfection. Mathematical Biosciences and Engineering, 2004, 1(1): 81-93. doi: 10.3934/mbe.2004.1.81
[9]	Maoxing Liu, Jie Zhang, Zhengguang Li, Yongzheng Sun . Modeling epidemic in metapopulation networks with heterogeneous diffusion rates. Mathematical Biosciences and Engineering, 2019, 16(6): 7085-7097. doi: 10.3934/mbe.2019355
[10]	Abba B. Gumel, Baojun Song . Existence of multiple-stable equilibria for a multi-drug-resistant model of mycobacterium tuberculosis. Mathematical Biosciences and Engineering, 2008, 5(3): 437-455. doi: 10.3934/mbe.2008.5.437

Abstract

1. Introduction

In December 2019, a novel coronavirus (COVID-19) was discovered ^[1]. COVID-19 is a respiratory infectious disease caused by the severe acute respiratory syndrome coronavirus, transmitted by contact, aerosols and inhalation of virus-infected droplets ^[2,3]. Unfortunately, there were no effective drugs to treat the disease in 2021 ^[1]. Therefore, the control protocols were mainly physical isolation, such as quarantine, contact tracing and social lockdown ^[4,5,6,7,8]. Therefore, it is crucial to study the effectiveness of control measures for this disease.

The basic reproduction number $\mathcal R_0$ is a critical parameter in the analysis of infectious diseases. It measures the average number of secondary infections caused by a typical infectious individual in a fully susceptible population. The disease will not cause an epidemic if $\mathcal R_{0} < 1$ ^[11,12,13]. As the epidemic progresses, or when control measures such as social distancing and vaccination are implemented, susceptible individuals are depleted and some of the contacts of the infectious individuals are made to already infected individuals, which do not cause transmission. In this case, the threshold for disease spread is measured by the effective reproduction number $\mathcal R_t$ , which measures the number of secondary infections caused by a typical infectious individual in the current population (with some already infected individuals). Its value is usually calculated as the product of $\mathcal R_0$ and the average population susceptibility ^[2,4,11]. In the initial stage of disease when the number of infected individuals is only a tiny fraction of the total population, $\mathcal R_t\approx \mathcal R_0$ . Wallinga and Teunis ^[9] proposed a method to approximate the effective reproduction number, which studied the average number of reproduction for patients who are infected on a given day. Note that this is not the same as the number of infections caused by a patient on a given day. In addition, this method requires the time of infection of patients, which is difficult to trace. Cori et al. ^[14] presented a simple method for estimating the effective reproduction number, which is based on the time series of disease occurrence. However, this method's effective reproduction number $\mathcal R_t$ is delayed significantly. Das ^[4] presented a method for estimating an approximate $\mathcal R_t$ by taking into account both the mean generation interval and the instantaneous exponential growth rate. However, the instantaneous exponential growth rate can only be estimated from a long enough time period, preventing this method from detecting sudden changes in $\mathcal R_t$ . In this paper, we propose a new method to directly calculate the real-time reproduction number through confirmed cases and evaluate the effectiveness of control measures.

Based on reported cases of COVID-19, we use the back-calculating method ^[15] to obtain the number of incidences and the number of infectious patients on each day and then we use them to estimate the change in reproduction number. Moreover, we derive the impact of control measures from the change in the reproduction numbers.

We establish the model in Section 2 and verify it using simulations in Section 3. In Section 4, we show how we applied the model to British Columbia (BC), Canada to obtain their reproduction number and the impact of control measures on the reproduction number; the results are summarized and future work is discussed in Section 5.

2. Methods

2.1. Model

In this section, we consider a discrete-time stochastic seir model in a randomly mixed population. Let $S_t$ , $E_t$ and $I_t$ be the number of susceptible, latent and infectious individuals on day $t$ . Because of the random-mixing assumption, the expected number of new infections on day $t$ is

$\begin{equation} Z_t = \beta S_{t} I_{t} . \end{equation}$

(1)

A newly infected patient goes through a latent period $L$ and becomes infectious. Here $L$ is a discrete random variable with a probability mass function $\{p_i\}_{i = 0}^\infty$ , i.e., the probability that the latent period has a length of $i$ days is $p_i$ . This patient then goes through an infectious period $X$ and is diagnosed. Let the probability mass function of $X$ be $\{q_i\}_{i = 0}^\infty$ . Let $Q_i$ be the cumulative probability function of $X$ , that is $Q_i = \sum\limits_{j = 0}^i q_j$ , $0 \leq i \leq \infty$ . We assume that, once diagnosed, the patient is fully isolated and stops being infectious. The course of disease $Y$ is the sum of the latent and infectious periods, i.e., $Y = L+X$ . Let $d_i$ be the probability mass function of $Y$ . Then

$\begin{equation} d_i = \sum\limits_{j = 0}^{i} p_j q_{i-j}. \end{equation}$

(2)

By definition, the basic reproduction number, i.e., the average number of secondary infections caused by a typical infectious individual during the infectious period in a fully susceptible population, is

$\mathcal R_{0} = \beta E[X] ,$

where $E[X] = \sum\limits_{i = 0}^\infty iq_i$ is the mean infectious period.

Thus, the effective reproduction number on day $t$ is

$\begin{equation} \mathcal R_t = \mathcal R_{0}S_{t} = \beta S_t E[X] = \frac{Z_{t}}{I_{t}}E[X] . \end{equation}$

(3)

Note that the last step is from (1).

Given the mean infectious period $E[X]$ , we need to estimate the number of new infections $Z_{t}$ and the number of infectious individuals $I_t$ so that we can estimate the effective reproduction number $\mathcal R_t$ .

Note that $Z_t$ and $m_t$ have the following relationship

$\begin{equation} m_t = \sum\limits_{i = 0}^\infty Z_{t-i} d_i\, . \end{equation}$

(4)

With the $m_t$ given, we need to solve $Z_t$ . Unfortunately, this is a deconvolution problem, and it is difficult to solve (see, e.g., ^[16]). Instead of solving it, we use the following method to approximate $Z_t$ . Suppose that the number of diagnosed cases on day $t$ , namely $m_t$ , is observed for days $t = 0, 1, \dots, T$ . A patient who is diagnosed on day $t+i$ , $0 \leq i \leq T-t$ was infected on day $t$ if and only if the serial interval $Y = i$ , i.e.,

$\begin{equation} Z_{t} = \sum\limits_{i = 0}^{T-t} m_{t+i}d_i = \sum\limits_{i = 0}^{T-t}\sum\limits_{j = 0}^{i} m_{t+i}p_jq_{i-j} . \end{equation}$

(5)

Note that (5) does not solve the deconvolution problem given by (4). However, we will show that this can give a good approximation for $Z_t$ , especially if $m_t$ is approximately exponentially growing or decaying and the change in the exponential growth rate is slow (measured on the time-scale of the mean serial interval). To see this, assume that $Z_t = Z_0\mu^t$ for a constant $\mu > 0$ (the exponential growth rate is thus $\log\mu$ ); then, (4) becomes

$\begin{equation} m_t = \sum\limits_{i = 0}^\infty Z_0\mu^{t-i} d_i = Z_0\mu^tg(1/\mu)\, , \end{equation}$

(6)

where $g(x) = \sum_{i = 0}^\infty x^id_i$ is the probability generating function of the serial interval distribution $d_i$ . Substitute this into the right hand side of (5) and assume $T\gg1$ ; then,

$\begin{equation} \sum\limits_{i = 0}^\infty m_{t+i}d_i = Z_0\mu^{t+i}g(1/\mu)d_i = Z_0\mu^t g(\mu)g(1/\mu) = Z_t g(\mu)g(1/\mu). \end{equation}$

(7)

Thus, if the change in $Z_t$ is slow, i.e., $\mu\approx 1$ , then $g(\mu)g(1/\mu)\approx 1$ .

Using a similar approximation, a patient who is diagnosed on day $t+i$ was infectious on day $t$ because the infectious period $X\geq i$ . That is,

$\begin{equation} I_{t} = \sum\limits_{i = 0}^{T-t}m_{t+i}\text{Prob}\{X\geq i\} = \sum\limits_{i = 0}^{T-t}m_{t+i}(1-Q_{i-1}) . \end{equation}$

(8)

Thus, from (3),

$\begin{equation} \mathcal R_t = \frac{\sum\nolimits_{i = 0}^{T-t}\sum\nolimits_{j = 0}^{i} m_{t+i}p_jq_{i-j}}{\sum\nolimits_{i = 0}^{T-t}m_{t+i}(1-Q_{i-1})}E[X] . \end{equation}$

(9)

The symbols used in this article are described in detail in Table 1.

Table 1. Explanations of nouns appearing in the paper.

Symbols	Significance
$S_t$	susceptible at time $t$
$E_t$	latent at time $t$
$I_t$	infectious at time $t$
$C_t$	the number of individuals who are infected on day $t$
$L$	latent period
$X$	infectious period
$Y$	the sum of the latent and infectious periods
$q_i$	the probability that the infectious period has a length of $i$ days
$p_i$	the probability that the latent period has a length of $i$ days
$d_i$	the probability mass function of the disease course $Y$
$m_t$	the number of cases reported on day $t$

| Show Table

DownLoad: CSV

2.2. Confidence interval

Given the mean infectious period E[X], in order to find the $95%$ confidence interval of $\mathcal R_t$ , we will get a random sample of $Z_{t}$ and $I_{t}$ by using the Monte Carlo method. For the patients who are diagnosed on day $t$ , let $\tilde Z_{t, t-i}$ be the number of those who are infected on day $t-i$ for $i = 0, 1, \dots$ . Then, the approximation given by (5) is equivalent to the following two steps:

${\rm{a}})$ Assume that $\tilde Z_{t, t-i}$ is multinomially distributed according to

$\begin{equation} \tilde Z_{t, t-i} \sim \text{multinomial}(m_{t}, d_{i}) . \end{equation}$

(10)

${\rm{b}})$ The number of individuals who are infected on day $t$ is

$\begin{equation} Z_{t} = \sum\limits_{i = 0}^{T-t} \tilde Z_{t+i, t} . \end{equation}$

(11)

Note that the mean of (11) is given by (5).

Similarly, for patients who show symptoms on day $t$ , the number of those who were infected on day $t-i$ is

$\begin{equation} \tilde C_{t, t-i} \sim \text{multinomial}(m_t, q_i) . \end{equation}$

(12)

Thus, the number of individuals who are infected on day $t$ is

$\begin{equation} C_t = \sum\limits_{i = 0}^{T-t}\tilde C_{t+i, t} . \end{equation}$

(13)

Note that, here, $C_t$ is a random variable, the mean of which is given by

$\begin{equation} E[C_t] = \sum\limits_{i = 0}^{T-i} m_{t+i}q_i , \end{equation}$

(14)

which uses a similar approximation as (5).

The expected number of individuals $I_t$ who are infectious on day $t$ is the total number of people who have become infectious but have not been removed from transmission (via recovery or isolation). Thus, $I_t$ can be calculated as

$\begin{equation} I_t = \sum\limits_{i = 0}^{t} C_{i} - \sum\limits_{i = 0}^{t} m_{i} , \end{equation}$

(15)

where the first term on the right-hand side is the number of patients who have become infectious before (or on) day $t$ , while the second term is the number of patients who have been diagnosed and isolated before (or on) day $t$ .

To generate one sample of $Z_{t}$ and $I_t$ , for each $m_t$ , $t = 0, 1, \dots, T$ , we use (12) to generate a sample for $\tilde C_{t, t-i}$ , and then use (13) to calculate $C_{t}$ . We then use the calculated $C_{t}$ to generate a sample of $Z_t$ using (10) and (11), and we use the calculated $C_{t}$ to generate a sample of $I_t$ using (10), (11) and (15). We can then use (3) to calculate a sample of the curve $\mathcal R_t$ .

We generate $10^5$ samples for $\mathcal R_t$ . For each $t = 0, 1, \dots, T$ , we use these samples to estimate the $95%$ confidence interval.

3. Model validation

To verify that our model can correctly estimate the reproduction number, we apply (9) to a dataset generated from stochastic simulations by using the method in Section 2.2 to estimate the $95%$ confidence interval of the reproduction number.

Non-pharmacological intervention (NPI) measures reduce the transmission rate ^[17]. The latent period and infectious period are specific to the disease, and are not affected by NPI measures. Thus, we consider the following two cases.

Case 1 Seasonal variation in the transmission rate is sometimes approximated by a sinusoidal function ^[10,18,19]. Here we assume $\beta$ to be sinusoidal to verify that our method can detect continuous change in $\beta(t)$ . Specifically,

$\begin{equation} \beta = 0.2[\cos(\frac{2\pi t}{365})+1]. \end{equation}$

(16)

In this case, the infectious period is assumed to be gamma-distributed with a shape parameter of $3$ and a rate parameter of $0.2$ ; the latent period is assumed to be gamma-distributed with a shape parameter of $3$ and a rate parameter of $0.3$ . Note that these choices only serve as a numerical example and are (no comma) not tied to a specific disease.

Case 2 The transmission rate is assumed to be a step function to simulate a sequence of control measures that cause sudden change in $\beta$ , that is,

$\begin{equation} \beta = \begin{cases} 0.5, &t \in[0, 40), \\ 0.4, &t \in[40, 60), \\ 0.3, &t \in[60, 80), \\ 0.2, &t \in[80,100), \\ 0.3, &t \in[100, \infty). \end{cases} \end{equation}$

(17)

In this case, the infectious period is assumed to be gamma-distributed with a shape parameter of $3$ and a rate parameter of $0.25$ ; the latent period is assumed to be gamma-distributed with a shape parameter of $3$ and a rate parameter of $0.2$ .

In both cases, the simulated population size is $10^6$ . During the simulated time periods, the number of infected individuals is only a small fraction of the population size; thus, $S(t)\approx 1$ and the effective reproduction number is approximately the basic reproduction number.

shows the comparison of the estimated reproduction number $\mathcal R_t$ as a function of time with the true value for Case 1. Figure 2 shows the comparison for Case 2. In both cases, our method can correctly estimate the reproduction number. In addition, these figures also show that the confidence interval narrows with a larger case count.

Figure 1. Model validation for Case 1. The top panel shows the simulated epidemic curve (in

$\log_{10}$ ), while the lower panel shows the comparison of the estimated reproduction number and its confidence interval with the true value in blue. Note that, when the case count is low, the confidence interval becomes very large, causing the upper and lower bounds of the confidence interval to disappear on some days.

DownLoad: Full-Size Img PowerPoint

Figure 2. Model validation for Case 2. The top panel shows the simulated epidemic curve (in

$\log_{10}$ ), while the lower panel shows the comparison of the estimated reproduction number and its confidence interval with the true value in blue.

DownLoad: Full-Size Img PowerPoint

4. Application to the COVID-19 outbreak in BC, Canada in 2020

Now that we have validated our method, in this section, we apply the method to study the change of the reproduction number as a function of time for the COVID-19 outbreak in BC, Canada in 2020.

In BC, we consider the following policy changes:

● Provincial state of emergency was declared on March 17;

● Businesses reopened on May 19;

● Provincial state of emergency was declared on July 7;

● Provincial state of emergency was declared on August 5;

● Public K-12 schools reopened on September 10;

● Provincial state of emergency was declared on October 28;

● Provincial state of emergency was declared on December 23.

We used the daily reported case count data for the period of March 1 to December 31, 2020 that were released from the BC Centre for Disease Control (BCCDC) as a spreadsheet. This spreadsheet has been taken offline. However, the data can still be accessed via the COVID-19 dashboard on the BCCDC website ^[20].

To apply our method, we need to know the latent period distribution and the infectious period distribution. We use the latent period distribution estimated by ^[21], which is gamma-distributed with a mean of 5.48 days and a standard deviation of 2.72 days.

On the other hand, regional differences in testing policy and human behavior in voluntary testing may affect when a patient is diagnosed and isolated, and, in turn, affect the infectious period. In Subsection 4.1, we estimate the infectious period distribution in BC from the daily number of diagnosed cases and symptom onsets.

4.1. Estimate the infectious period

We assume that the patients will be isolated after being diagnosed. Therefore, the end of their infectious period is marked by diagnosis, not recovery. We assume that the infectious period is gamma-distributed ^{[22,23,24,25,26]}, with a shape parameter $\alpha$ and a scale parameter $\varepsilon$ .

We digitized and tabulated the daily number of symptom onsets for the period of January 15 to June 7, 2020 from the British Columbia COVID-19 Daily Situation Report released on June 9 ^[27].

Using an approximation similar to (5), the expected number of patients showing symptoms on day $t$ can be calculated from the diagnosed cases on day $t+i$ ( $m_{t+i}$ ) as

$\begin{equation} \lambda_t = \sum\limits_{i = 0}^{T-t} m_{t+i}q_{i}. \end{equation}$

(18)

We assume that $C_t$ is the observed symptom onset count on day $t$ ; it follows a Poisson distribution with the mean $\lambda_t$ , i.e.,

$\begin{equation} C_{t}\sim \text{Poisson}(\lambda_t) \end{equation}$

(19)

We use the Markov chain Monte Carlo method via the R package "R2jag" to estimate the distribution parameters $\alpha$ and $\varepsilon$ . The prior distributions of the parameters are chosen to follow a uniform distribution with wide intervals:

$\begin{equation} \alpha\sim \text{U}(0, 10)\, , \varepsilon\sim \text{U}(0, 5)\, \end{equation}$

(20)

The results are given in . shows the point estimate and $95%$ confidence interval of the estimated density function of the infectious period distribution.

Table 2. The estimated parameters for the gamma-distributed COVID-19 infectious period in BC, Canada in 2020.

Parameter	Mean	Sd	$95$ % confidence interval
$\alpha$	4.791	1.074	(3.133, 7.358)
$\varepsilon$	1.815	0.373	(1.143, 2.610)

| Show Table

DownLoad: CSV

Figure 3. The point estimates and

$95%$ confidence interval of the probability density function of the infectious period distribution in BC, Canada.

DownLoad: Full-Size Img PowerPoint

4.2. Estimate the effective reproduction number

Using the point estimate of the infectious period distribution in Subsection 4.1, we estimate the reproduction number as a function of time in BC, Canada.

Figure 4 shows both the epidemic curve (reported cases) and the estimated reproduction number. This figure shows that, since the provincial state of emergency on March 17, the reproduction number was controlled to below 1 until the relaxation (business reopening) announced on May 19. The reproduction number then increased gradually after the relaxation to 1.76 in June, being largely maintained until August 1st, at which point it was about 1.60. The strengthening of control measures on August 5 reduced the reproduction number and eventually controlled it to around 1 on September 10. It then increased again to a peak value of 1.67 on October 10. It was then brought back to about unity beginning on November 13.

Figure 4. The top panel shows the daily reported cases (in

$\log_{10}$ ). The lower panel shows the estimated reproduction number and the confidence interval on each day. The vertical lines show the dates of the implementation of epidemic control measures, where the orange lines show the declaration of a state of emergency, and the green lines show the dates of relaxation.

DownLoad: Full-Size Img PowerPoint

5. Concluding remarks

We have developed a novel method to estimate the change of the reproduction number with time. Using simulated data, we have shown that our method can estimate the change in the reproduction number due to either seasonal forcing or control measures. This means that our method is widely applicable to understand the change of the transmission rate.

Applying our method to the COVID-19 outbreak in BC, Canada in 2020 shows that the strengthening of control measures such as social distancing, restricting gathering and closing schools from March 20 to the end of May successfully reduced the reproduction number to below 1, except for a period in early April (may be due to clustered cases in long-term care facilities ^[28], or the gathering activities of the Easter holiday). However, the reproduction number gradually increased to above 1 after business reopening in May, even though the case counts did not exhibit an immediate increase. This shows that our method is very sensitive as a tool to detect the changes in reproduction number. The same increase also happened after the school reopening in September, which eventually triggered the fast increase of cases in October and early November. Note that, during this time, the variants of concern had not shown up yet, that is, no variants of concern appeared in 2020 ^[29,30]. Thus, the increase of cases is mostly likely due to the relaxation of control measures.

Not surprisingly, our estimation yields a narrower confidence interval with a larger case count. Our method also relies on reliable estimation of the latent and infectious periods, which may be difficult to estimate during the early stage of a disease outbreak. However, we have also demonstrated that our method can be adapted to estimate the infectious period from the daily counts of symptom onset and diagnosed cases.

Another limitation of our method is that it ignores asymptomatic and pre-symptomatic transmissions, which may be an important factor driving the COVID-19 transmission. However, this may not significantly affect our method if the ratio of asymptomatic cases to all cases remains roughly constant, as the proportional fact is canceled in our formulation.

Our method provides a new tool for analyzing host immunity resulting from the effective vaccinations, with and without NPI measures. At the onset of disease spread, the effective vaccination rate $v$ is the primary factor influencing the number of susceptible individuals. In this case, the effective reproduction number can be expressed as $R_t = \beta (1-v)S_tE(X)$ , which is similar to (3). If the effective vaccination rate $v$ is known, our method can estimate the temporal changes in $\beta$ . However, in the absence of information about $v$ , it is only possible to estimate the value of $\beta(1-v)$ , not the individual parameters $\beta$ and $v$ .

Our method can be used to study other infectious diseases as well. For instance, it can be used to investigate the influence of seasonality on the transmission of seasonal influenza, or to examine the effect of control measures on historical outbreaks, such as pandemic influenza, SARS and Ebola. Furthermore, our method can be applied to the study of vector-borne diseases, including those transmitted by mosquitoes, by extending our model to consider the disease transmission from person to person, with mosquitoes as the vectors. However, obtaining the specific changes in $\beta$ is challenging, as the infection rate through the vector depends on the change in infected mosquitoes, resulting in a more complex dependence of $\beta$ on mosquitoes than the simple $SEIR$ model. Therefore, further research is needed to address this complexity. Additionally, the same generalization can be applied to sexually transmitted infections.

Use of AI tools declaration

The authors declare that they have not used artificial intelligence tools in the creation of this article.

Acknowledgments

This research was supported by the National Natural Science Foundation of China (No. 12271088) (ML), the Natural Sciences Foundation of Shanghai (No. 21ZR1401000) (ML) and a discovery grant from the Natural Sciences and Engineering Research Council Canada (JM), as well as two NSERC EIDM grants (OMNI and MfPH) (JM).

Conflict of interest

The authors declare that there is no conflict of interest.

References

[1]	R. M. Balajee, M. K. J. Kannan, Intrusion detection on AWS cloud through hybrid deep learning algorithm, Electronics, 12 (2023), 1423. https://doi.org/10.3390/electronics12061423 doi: 10.3390/electronics12061423
[2]	M. J. Kaur, V. P. Mishra, P. Maheshwari, The convergence of digital twin, IoT, and machine learning: transforming data into action, in Digital Twin Technologies and Smart Cities, Springer, (2020), 3–17. https://link.springer.com/chapter/10.1007/978-3-030-18732-3_1
[3]	O. Abualghanam, H. Alazzam, B. Elshqeirat, M. Qatawneh, M. A. Almaiah, Real-time detection system for data exfiltration over DNS tunneling using machine learning, Electronics, 12 (2020), 1467. https://doi.org/10.3390/electronics12061467 doi: 10.3390/electronics12061467
[4]	B. Axelsson, G. Easton, Industrial Networks (Routledge Revivals): A New View of Reality, Routledge, 1992.
[5]	P. C. Smith, L. Hellman, Small Group Analysis in Industrial Networks, Routledge, 1992.
[6]	H. Pourrahmani, A. Yavarinasab, R. Zahedi, A. Gharehghani, M. H. Mohammadi, P. Bastani, et al., The applications of Internet of Things in the automotive industry: a review of the batteries, fuel cells, and engines, Internet Things, 19 (2022), 100579. https://doi.org/10.1016/j.iot.2022.100579 doi: 10.1016/j.iot.2022.100579
[7]	Y. Yang, K. McLaughlin, T. Littler, S. Sezer, H. F. Wang, Rule-based intrusion detection system for SCADA networks, in 2nd IET Renewable Power Generation Conference, 2013. https://doi.org/10.1049/cp.2013.1729
[8]	M. Baezner, P. Robin, Stuxnet, Report, Center for Security Studies (CSS), ETH Zürich, 2017. Available from: https://www.research-collection.ethz.ch/handle/20.500.11850/184547.
[9]	Zagaris, Bruce, Boggess, Kenneth, Cybercrime, HeinOnline, 2021. Available from: https://heinonline.org/HOL/LandingPage?handle = hein.journals/ielr37 & div = 152.
[10]	E. D. Knapp, J. T. Langill, Industrial Network Security: Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems, Elsevier, 2015.
[11]	S. Hong, C. Lv, T. Zhao, B. Wang, J. Wang, J. Zhu, Cascading failure analysis and restoration strategy in an interdependent network, J. Phys. A: Math. Theor., 49 (2016), 195101. https://doi.org/10.1088/1751-8113/49/19/195101 doi: 10.1088/1751-8113/49/19/195101
[12]	A. Kwasinski, W. Weaver, P. L. Chapman, P. T. Krein, Telecommunications power plant damage assessment for hurricane Katrina–site survey and follow-up results, IEEE Syst. J., 3 (2009), 277–287. https://doi.org/10.1109/JSYST.2009.2026783 doi: 10.1109/JSYST.2009.2026783
[13]	R. M. Lee, M. J. Assante, T. Conway, Analysis of the cyber attack on the Ukrainian power grid, Electr. Inf. Sharing Anal. Cent., 388 (2016), 1–29.
[14]	J. Angséus, R. Ekbom, Network-Based Intrusion Detection Systems for Industrial Control Systems, Master's thesis, University of Gothenburg, Gothenburg, 2017.
[15]	H. Y. Kwon, T. Kim, M. K. Lee, Advanced intrusion detection combining signature-based and behavior-based detection methods, Electronics, 11 (2022), 867. https://doi.org/10.3390/electronics11060867 doi: 10.3390/electronics11060867
[16]	Y. Jia, M. Wang, Y. Wang, Network intrusion detection algorithm based on deep neural network, IET Inf. Secur., 13 (2019), 48–53. https://doi.org/10.1049/iet-ifs.2018.5258 doi: 10.1049/iet-ifs.2018.5258
[17]	F. Rustam, M. F. Mushtaq, A. Hamza, M. S. Farooq, A. D. Jurcut, I. Ashraf, Denial of service attack classification using machine learning with multi-features, Electronice, 11 (2022), 3817. https://doi.org/10.3390/electronics11223817 doi: 10.3390/electronics11223817
[18]	N. Naz, M. A. Khan, S. A. Alsuhibany, M. Diyan, Z. Tan, M. Almas Khan, et al., Ensemble learning-based IDS for sensors telemetry data in IoT networks, Math. Biosci. Eng., 19 (2022), 10550–10580. https://doi.org/10.3934/mbe.2022493 doi: 10.3934/mbe.2022493
[19]	S. Agrawal, S. Sarkar, O. Aouedi, G. Yenduri, K. Piamrat, S. Bhattacharya, et al., Federated learning for intrusion detection system: Concepts, challenges and future directions, arXiv preprint, (2022), arXiv: 2106.09527. https://doi.org/10.48550/arXiv.2106.09527
[20]	M. Almseidin, M. Alkasassbeh, An accurate detection approach for IoT botnet attack using interpolation reasoning method, Information, 13 (2022), 300. https://doi.org/10.3390/info13060300 doi: 10.3390/info13060300
[21]	F. Zhai, T. Yang, H. Chen, B. He, S. Li, Intrusion detection method based on CNN–GRU–FL in a smart grid environment, Electronics, 12 (2023), 1164. https://doi.org/10.3390/electronics12051164 doi: 10.3390/electronics12051164
[22]	M. Cheminod, L. Durante, A. Valenzano, Review of security issues in industrial networks, IEEE Trans. Ind. Inf., 9 (2013), 277–293. https://doi.org/10.1109/TII.2012.2198666 doi: 10.1109/TII.2012.2198666
[23]	S. Hong, J. Zhu, L. A. Braunstein, T. Zhao, Q. You, Cascading failure and recovery of spatially interdependent networks, J. Stat. Mech: Theory Exp., 2017 (2017). https://doi.org/10.1088/1742-5468/aa8c36
[24]	I. Butun, M. Almgren, V. Gulisano, M. Papatriantafilou, Intrusion detection in industrial networks via data streaming, in Industrial IoT, Springer, (2020), 213–238. https://doi.org/10.1007/978-3-030-42500-5_6
[25]	L. Zang, D. Ma, A hybrid approach toward efficient and accurate intrusion detection for in-vehicle networks, IEEE Access, 10 (2022), 10852–10866. https://doi.org/10.1109/ACCESS.2022.3145007 doi: 10.1109/ACCESS.2022.3145007
[26]	R. Vinayakumar, M. Alazab, K. P. Soman, P. Poornachandran, A. Al-Nemrat, S. Venkatraman, Deep learning approach for intelligent intrusion detection system, IEEE Access, 7 (2019), 41525–41550. https://doi.org/10.1109/ACCESS.2019.2895334 doi: 10.1109/ACCESS.2019.2895334
[27]	G. M. D. Teyou, J. Ziazet, Convolutional neural network for intrusion detection system in cyber-physical systems, arXiv preprint, (2019), arXiv: 1905.03168. https://doi.org/10.48550/arXiv.1905.03168
[28]	X. Wang, S. Yin, H. Li, J. Wang, L. Teng, A network intrusion detection method based on deep multi-scale convolutional neural network, Int. J. Wireless Inf. Networks, 27 (2020), 503–517. https://doi.org/10.1007/s10776-020-00495-3 doi: 10.1007/s10776-020-00495-3
[29]	S. Ullah, J. Ahmad, M. A. Khan, E. H. Alkhammash, M. Hadjouni, Y. Y. Ghadi, et al., A new intrusion detection system for the Internet of Things via deep convolutional neural network and feature engineering, Sensors, 22 (2022), 3607. https://doi.org/10.3390/s22103607 doi: 10.3390/s22103607
[30]	S. Hong, T. Yue, H. Liu, Vehicle energy system active defense: a health assessment of lithium-ion batteries, Int. J. Intell. Syst., 37 (2022), 10081–10099. https://doi.org/10.1002/int.22309 doi: 10.1002/int.22309
[31]	M. Cheminod, L. Durante, A. Valenzano, Review of security issues in industrial networks, IEEE Trans. Ind. Inf., 9 (2012), 277–293. https://doi.org/10.1109/TII.2012.2198666 doi: 10.1109/TII.2012.2198666
[32]	S. D. D. Anton, S. Sinha, H. D. Schotten, Anomaly-based intrusion detection in industrial data with SVM and random forests, arXiv preprint, (2019), arXiv: 1907.10374. https://doi.org/10.48550/arXiv.1907.10374
[33]	Z. Wang, Z. Li, D. He, S. Chan, A lightweight approach for network intrusion detection in industrial cyber-physical systems based on knowledge distillation and deep metric learning, Expert Syst. Appl., 206, (2022), 117671. https://doi.org/10.1016/j.eswa.2022.117671
[34]	S. Potluri, S. Ahmed, C. Diedrich, Securing industrial control systems from false data injection attacks with convolutional neural networks, in Development and Analysis of Deep Learning Architectures, Springer, (2020), 197–222. https://doi.org/10.1007/978-3-030-31764-5_8
[35]	S. Potluri, S. Ahmed, C. Diedrich, Convolutional neural networks for multi-class intrusion detection system, in Mining Intelligence and Knowledge Exploration, Springer, (2018), 225–238. https://doi.org/10.1007/978-3-030-05918-7_20
[36]	Y. Zhu, Y. Zi, J. Xu, Transfer learning-based SAE-CNN for industrial data processing in multiple working conditions recognition, in 2022 IEEE International Conference on Prognostics and Health Management (ICPHM), (2022), 167–172. https://doi.org/10.1109/ICPHM53196.2022.9815720
[37]	T. Cruz, L. Rosa, J. Proença, L. Maglaras, M. Aubigny, L. Lev, et al., A cybersecurity detection framework for supervisory control and data acquisition systems, IEEE Trans. Ind. Inf., 12 (2016), 2236–2246. https://doi.org/10.1109/TII.2016.2599841\newpage doi: 10.1109/TII.2016.2599841
[38]	S. Huda, J. Yearwood, M. M. Hassan, A. Almogren, Securing the operations in SCADA-IoT platform based industrial control system using ensemble of deep belief networks, Appl. Soft Comput., 71 (2018), 66–77. https://doi.org/ 10.1016/j.asoc.2018.06.017 doi: 10.1016/j.asoc.2018.06.017
[39]	J. Jiao, X. J. Zheng, Fault diagnosis method for industrial robots based on DBN joint information fusion technology, Comput. Intell. Neurosci., 2022 (2022). https://doi.org/10.1155/2022/4340817
[40]	K. Lu, G. Zeng, X. Luo, J. Weng, W. Luo, Y. Wu, Evolutionary deep belief network for cyber-attack detection in industrial automation and control system, IEEE Trans. Ind. Inf., 17 (2021), 7618–7627. https://doi.org/10.1109/TII.2021.3053304 doi: 10.1109/TII.2021.3053304
[41]	A. A. Suzen, Developing a multi-level intrusion detection system using hybrid-DBN, J. Ambient Intell. Hum. Comput., 12 (2021), 1913–1923. https://doi.org/10.1007/s12652-020-02271-w doi: 10.1007/s12652-020-02271-w
[42]	S. Zhang, J. Lai, Q. Yao, Traffic anomaly detection model of electric power industrial control based on DBN-LSTM, in 2021 IEEE 23rd Int Conf on High Performance Computing, Communications; 7th Int Conf on Data Science, Systems; 19th Int Conf on Smart City; 7th Int Conf on Dependability in Sensor, Cloud, Big Data Systems, Application, (2021), 1902–1907. https://doi.org/10.1109/HPCC-DSS-SmartCity-DependSys53884.2021.00284
[43]	G. Meena, R. R. Choudhary, A review paper on IDS classification using KDD 99 and NSL KDD dataset in WEKA, in 2017 International Conference on Computer, Communications and Electronics (Comptelix), (2017), 553–558. https://doi.org/10.1109/COMPTELIX.2017.8004032
[44]	L. Whaley, The critical institutional analysis and development (CIAD) framework, Int. J. Commons, 12 (2018). https://doi.org/10.18352/ijc.848
[45]	P. Foremski, C. Callegari, M. Pagano, Waterfall: Rapid identification of IP flows using cascade classification, in Computer Networks, (2014), 14–23. https://doi.org/10.1007/978-3-319-07941-7_2
[46]	R. Zuech, T. Khoshgoftaar, N. Seliya, M. M. Najafabadi, C. Kemp, A new intrusion detection benchmarking system, in Proceedings of the Twenty-Eighth International Florida Artificial Intelligence Research Society Conference, 2015.
[47]	K. M. A. Alheeti, A. Alzahrani, O. H. Jasim, D. Al-Dosary, H. M. Ahmed, M. S. Al-Ani, Intelligent detection system for multi-step cyber-attack based on machine learning, in 2023 15th International Conference on Developments in eSystems Engineering (DeSE), (2023), 510–514. https://doi.org/10.1109/DeSE58274.2023.10100226
[48]	M. Almseidin, J. Al-Sawwa, M. Alkasassbeh, Generating a benchmark cyber multi-step attacks dataset for intrusion detection, J. Intell. Fuzzy Syst., 43 (2022), 3679–3694. https://doi.org/10.3233/JIFS-213247 doi: 10.3233/JIFS-213247
[49]	S. Suthaharan, T. Panchagnula, Relevance feature selection with data cleaning for intrusion detection system, in 2012 Proceedings of IEEE Southeastcon, (2012), 1–6. https://doi.org/10.1109/SECon.2012.6196965
[50]	M. Bahrololum, E. Salahi, M. Khaleghi, Machine learning techniques for feature reduction in intrusion detection systems: A comparison, in 2009 Fourth International Conference on Computer Sciences and Convergence Information Technology, (2009), 1091–1095. https://doi.org/10.1109/ICCIT.2009.89
[51]	J. W. Osborne, Best Practices in Data Cleaning: A Complete Guide to Everything You Need to Do Before and After Collecting Your Data, SAGE Publications, 2013. https://doi.org/10.4135/9781452269948
[52]	W. McKinney, Pandas: A foundational Python library for data analysis and statistics, Python High Perform. Sci. Comput., 14 (2011), 1–9.
[53]	K. Farhana, M. Rahman, M. T. Ahmed, An intrusion detection system for packet and flow-based networks using a deep neural network approach, Int. J. Electr. Comput. Eng., 10 (2020), 5514–5525. https://doi.org/10.11591/ijece.v10i5.pp5514-5525 doi: 10.11591/ijece.v10i5.pp5514-5525
[54]	D. T. Dantas, H. Li, T. Charton, L. Chen, R. Zhang, Machine learning based anomaly-based intrusion detection system in a full digital substation, in 15th International Conference on Developments in Power System Protection, 2020. https://doi.org/10.1049/cp.2020.0049
[55]	W. Wang, X. Zhang, S. Gombault, S. J. Knapskog, Attribute normalization in network intrusion detection, in 2009 10th International Symposium on Pervasive Systems, Algorithms, and Networks, (2009), 448–453. https://doi.org/10.1109/I-SPAN.2009.49
[56]	A. Tesfahun, D. L. Bhaskari, Intrusion detection using random forests classifier with SMOTE and feature reduction, in 2013 International Conference on Cloud & Ubiquitous Computing & Emerging Technologies, (2013), 127–132. https://doi.org/10.1109/CUBE.2013.31
[57]	B. Yan, G. Han, M. Sun, S. Ye, A novel region adaptive SMOTE algorithm for intrusion detection on imbalanced problem, in 2017 3rd IEEE International Conference on Computer and Communications (ICCC), (2017), 1281–1286. https://doi.org/10.1109/CompComm.2017.8322749
[58]	J. Han, W. Pak, High performance network intrusion detection system using two-stage LSTM and incremental created hybrid features, Electronics, 12 (2023), 956. https://doi.org/10.3390/electronics12040956 doi: 10.3390/electronics12040956
[59]	J. Kim, J. Kim, H. Kim, M. Shim, E. Choi, CNN-based network intrusion detection against denial-of-service attacks, Electronics, 9 (2020), 916. https://doi.org/10.3390/electronics9060916 doi: 10.3390/electronics9060916
[60]	M. Azizjon, A. Jumabek, W. Kim, 1D CNN-based network intrusion detection with normalization on imbalanced data, in 2020 International Conference on Artificial Intelligence in Information and Communication (ICAIIC), (2020), 218–224. https://doi.org/10.1109/ICAIIC48513.2020.9064976
[61]	S. Albawi, T. A. Mohammed, S. Al-Zawi, Understanding of a convolutional neural network, in 2017 International Conference on Engineering and Technology (ICET), (2017), 1–6. https://doi.org/10.1109/ICEngTechnol.2017.8308186
[62]	Q. Zhang, M. Zhang, T. Chen, Z. Sun, Y. Ma, B. Yu, Recent advances in convolutional neural network acceleration, arXiv preprint, (2019), arXiv: 1807.08596. https://doi.org/10.48550/arXiv.1807.08596
[63]	R. Vinayakumar, K. P. Soman, P. Poornachandran, Applying convolutional neural network for network intrusion detection, in 2017 International Conference on Advances in Computing, Communications and Informatics (ICACCI), (2017), 1222–1228. https://doi.org/10.1109/ICACCI.2017.8126009
[64]	P. Liu, An intrusion detection system based on convolutional neural network, in Proceedings of the 2019 11th International Conference on Computer and Automation Engineering, (2019), 62–67. https://doi.org/10.1145/3313991.3314009
[65]	N. Gupta, P. Bedi, V. Jindal, Effect of activation functions on the performance of deep learning algorithms for network intrusion detection systems, in Proceedings of ICETIT 2019, Springer, (2020), 949–960. https://doi.org/10.1007/978-3-030-30577-2_84
[66]	H. Jia, J. Liu, M. Zhang, X. He, W. Sun, Network intrusion detection based on IE-DBN model, Comput. Commun., 178 (2021), 131–140. https://doi.org/10.1016/j.comcom.2021.07.016 doi: 10.1016/j.comcom.2021.07.016
[67]	S. Ullah, M. A. Khan, J. Ahmad, S. S. Jamal, Z. Huma, M. T. Hassan, et al., HDL-IDS: a hybrid deep learning architecture for intrusion detection in the Internet of Vehicles, Sensors, 22 (2022), 1340. https://doi.org/10.3390/s22041340 doi: 10.3390/s22041340

This article has been cited by:

Boxiang Yu, Slim Ibrahim, Junling Ma, Bin Sun, Meili Li, Disease threshold of the effective degree SIS model on a random network with large degrees, 2025, 426, 00220396, 206, 10.1016/j.jde.2025.01.077

Reader Comments

Your name:*

Email:*
© 2023 the Author(s), licensee AIMS Press. This is an open access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/4.0)