In recent years, the industrial network has seen a number of high-impact attacks. To counter these threats, several security systems have been implemented to detect attacks on industrial networks. However, these systems solely address issues once they have already transpired and do not proactively prevent them from occurring in the first place. The identification of malicious attacks is crucial for industrial networks, as these attacks can lead to system malfunctions, network disruptions, data corruption, and the theft of sensitive information. To ensure the effectiveness of detection in industrial networks, which necessitate continuous operation and undergo changes over time, intrusion detection algorithms should possess the capability to automatically adapt to these changes. Several researchers have focused on the automatic detection of these attacks, in which deep learning (DL) and machine learning algorithms play a prominent role. This study proposes a hybrid model that combines two DL algorithms, namely convolutional neural networks (CNN) and deep belief networks (DBN), for intrusion detection in industrial networks. To evaluate the effectiveness of the proposed model, we utilized the Multi-Step Cyber Attack (MSCAD) dataset and employed various evaluation metrics.
Citation: Muhammad Hassan Jamal, Muazzam A Khan, Safi Ullah, Mohammed S. Alshehri, Sultan Almakdi, Umer Rashid, Abdulwahab Alazeb, Jawad Ahmad. Multi-step attack detection in industrial networks using a hybrid deep learning architecture[J]. Mathematical Biosciences and Engineering, 2023, 20(8): 13824-13848. doi: 10.3934/mbe.2023615
Related Papers:
[1]
Fabio Camilli, Adriano Festa, Silvia Tozza .
A discrete Hughes model for pedestrian flow on graphs. Networks and Heterogeneous Media, 2017, 12(1): 93-112.
doi: 10.3934/nhm.2017004
[2]
Christophe Chalons, Paola Goatin, Nicolas Seguin .
General constrained conservation laws. Application to pedestrian flow modeling. Networks and Heterogeneous Media, 2013, 8(2): 433-463.
doi: 10.3934/nhm.2013.8.433
[3]
Dirk Hartmann, Isabella von Sivers .
Structured first order conservation models for pedestrian dynamics. Networks and Heterogeneous Media, 2013, 8(4): 985-1007.
doi: 10.3934/nhm.2013.8.985
[4]
Gabriella Bretti, Roberto Natalini, Benedetto Piccoli .
Numerical approximations of a traffic flow model on networks. Networks and Heterogeneous Media, 2006, 1(1): 57-84.
doi: 10.3934/nhm.2006.1.57
[5]
Cécile Appert-Rolland, Pierre Degond, Sébastien Motsch .
Two-way multi-lane traffic model for pedestrians in corridors. Networks and Heterogeneous Media, 2011, 6(3): 351-381.
doi: 10.3934/nhm.2011.6.351
[6]
Andreas Schadschneider, Armin Seyfried .
Empirical results for pedestrian dynamics and their implications for modeling. Networks and Heterogeneous Media, 2011, 6(3): 545-560.
doi: 10.3934/nhm.2011.6.545
[7]
Antoine Tordeux, Claudia Totzeck .
Multi-scale description of pedestrian collective dynamics with port-Hamiltonian systems. Networks and Heterogeneous Media, 2023, 18(2): 906-929.
doi: 10.3934/nhm.2023039
[8]
Abdul M. Kamareddine, Roger L. Hughes .
Towards a mathematical model for stability in pedestrian flows. Networks and Heterogeneous Media, 2011, 6(3): 465-483.
doi: 10.3934/nhm.2011.6.465
[9]
Mohcine Chraibi, Ulrich Kemloh, Andreas Schadschneider, Armin Seyfried .
Force-based models of pedestrian dynamics. Networks and Heterogeneous Media, 2011, 6(3): 425-442.
doi: 10.3934/nhm.2011.6.425
[10]
Jérôme Fehrenbach, Jacek Narski, Jiale Hua, Samuel Lemercier, Asja Jelić, Cécile Appert-Rolland, Stéphane Donikian, Julien Pettré, Pierre Degond .
Time-delayed follow-the-leader model for pedestrians walking in line. Networks and Heterogeneous Media, 2015, 10(3): 579-608.
doi: 10.3934/nhm.2015.10.579
Abstract
In recent years, the industrial network has seen a number of high-impact attacks. To counter these threats, several security systems have been implemented to detect attacks on industrial networks. However, these systems solely address issues once they have already transpired and do not proactively prevent them from occurring in the first place. The identification of malicious attacks is crucial for industrial networks, as these attacks can lead to system malfunctions, network disruptions, data corruption, and the theft of sensitive information. To ensure the effectiveness of detection in industrial networks, which necessitate continuous operation and undergo changes over time, intrusion detection algorithms should possess the capability to automatically adapt to these changes. Several researchers have focused on the automatic detection of these attacks, in which deep learning (DL) and machine learning algorithms play a prominent role. This study proposes a hybrid model that combines two DL algorithms, namely convolutional neural networks (CNN) and deep belief networks (DBN), for intrusion detection in industrial networks. To evaluate the effectiveness of the proposed model, we utilized the Multi-Step Cyber Attack (MSCAD) dataset and employed various evaluation metrics.
1.
Introduction
A keystone species is one on which other species in the ecosystem largely depend. So much so that if removed there are drastic effects on the ecosystem [1]. Bears, salmon and vegetation are unique in an ecosystem because all three are keystone species dependent on one another [2]. In this ecosystem, salmon and vegetation are both food resources for bears, but the food quality differs significantly.
Salmon are much more nutrient-rich compared to vegetation, i.e., the nitrogen/phosphorous etc. concentration within salmon's bodies is much higher compared to vegetation. However, salmon must maintain homeostasis of element concentration within the body so that they must excrete excessive nutrients into the environment if the element concentration exceeds a threshold. On the other side, vegetation is less nutrient-rich but can absorb the remaining nutrient in the environment so the nutrient level within vegetation may differ significantly over time at an order of different magnitude [3,4,5].
Bears share common characteristics with salmon where bears are also nutrient-rich but must maintain a homeostasis of element concentration within their bodies [3,4,5]. When consuming poor-quality food where the element concentration is low, the energy conversion from food consumption to the bear biomass cannot be maximized. In the bear-salmon-vegetation ecosystem, salmon is good-quality food, whereas vegetation is poor-quality food. Therefore, when studying the bear-salmon-vegetation ecosystem, it is important to devise a model that depicts not only the energy transfer but also the nutrient flow between trophic levels.
One of the well-known models that study stoichiometric population dynamics is the one proposed by Loladze and Kuang [6]. The model builds on classical predator-prey models of one consumer and one food resource but incorporates a single limiting element phosphorus into modeling to distinguish food quantity and food quality. Following [6], stoichiometric models have been studied extensively, see [7,8,9,10,11,12,13] for example. More recently, Phan, Elser and Kuang extended the previous producer-grazer model framework by including multiple shared limiting elements in the modeling [14]. The formulated model excludes the non-smoothness in the original stoichiometric model but replicates qualitatively similar dynamics in a wide range of parameters [14]. We follow the modeling framework of the aforementioned studies but extend the model to include a specific nutrient-rich food resource, which agrees with the bear-salmon-vegetation ecosystem. In particular, we choose nitrogen as the limiting element of the system because nitrogen is vital for all salmon, bears and vegetation.
We organize the paper in the following. In Section 2, we formulate a stoichiometric model of one consumer and two food resources, where one food resource is of good quality but the other food resource is of poor quality. In Section 3, we analyze the existence and local stability of the steady-state solutions. In Section 4, we conduct numerical simulations that confirm the analytical results. Moreover, numerical simulations also reveal interesting dynamics when certain parameters vary in a range. We end this paper in Section 5 with conclusions and discussions.
2.
Model formulation
In the bear-salmon-vegetation ecosystem, salmon and vegetation are both food resources for bears but bears do not consume certain organs of salmon. Rather, bears leave salmon corpses around vegetation so that the vegetation absorbs any remaining nitrogen that ultimately contributes to the growth of its population. Moreover, bears and salmon are much more nutrient-rich compared to vegetation. However, salmon and bears must maintain homeostasis in nitrogen concentration within their bodies and excrete excessive nitrogen into the environment. Vegetation is less nutrient-rich but can absorb the remaining nitrogen in the environment so the nitrogen concentration in vegetation may vary at an order of different magnitude.
We first formulate a model that includes the energy transfer among trophic levels when nitrogen is abundant among all three species. Denote S(t),V(t),B(t) by the salmon population density (measured in carbon per litre), the vegetation population density (measured in carbon per litre) and the bear population density (measured in carbon per litre) respectively. The model is
where α is the growth rate of the salmon population, f(S) is the consumption rate of salmon by the bear, γ is the intrinsic growth rate of the vegetation, K is the carrying capacity of the environment, g(V) represents the consumption rate of vegetation by the bear, e1 and e2 are the energy conversion rate from the consumption of the salmon and the vegetation respectively and λ is the natural death rate of the bear. In (2.1), ϵ represents the rate of contribution to the vegetation growth due to the element recycling from the nearby salmon corpses left by bears. Furthermore, the bears produce excrement after digesting the salmon, which provides another source for vegetation to absorb the nitrogen, which contributes positively to vegetation growth at a rate of ψ[2].
The above model (2.1) assumes a linear growth rate for the salmon and a logistic growth for the vegetation. Having spent most of their lives feeding and growing at sea, salmon return to spawn and die. Salmons return to their natal streams carrying marine-derived nutrients in their body tissues. In particular, adult salmon are rich in nitrogen [2]. Salmon do not compete for resources which implies it is safe to assume a linear growth rate of γ. Vegetation, on the other hand, competes for resources limited by solar energy and follows a logistic growth rate. However, the vegetation population is not only limited by light but is also regulated by nitrogen concentration.
Because of the homeostasis of bears and salmon, we can safely assume that the N: C (nitrogen: carbon) ratio within bears and salmon are θ1 and θ2 respectively. It follows that the remaining nitrogen in the environment is N−θ1B(t)−θ2S(t). Moreover, following [6], we assume that the N: C (nitrogen: carbon) ratio within the vegetation never falls below a level NV. Combining the assumptions, we obtain another carrying capacity of the vegetation limited by nitrogen as
N−θ1B(t)−θ2S(t)NV.
Together with the carrying capacity limited by solar energy, we obtain an improved carrying capacity for the vegetation population
min{K,N−θ1B(t)−θ2S(t)NV}.
Following [6], we assume that all of the nitrogen within the system gets recycled immediately and there is no pool of free nitrogen in the environment.
It follows that the N: C ratio in vegetation is
N−θ1B(t)−θ2S(t)V(t).
Vegetation serves as good-quality food for bears if
N−θ1B(t)−θ2S(t)V(t)≥θ1,
or equivalently
N−θ1B(t)−θ2S(t)θ1V(t)≥1,
and is poor-quality food otherwise. If vegetation is good-quality food, the biomass conversion from the vegetation to the bear follows the maximum energy intake e2. However, if vegetation is poor-quality food, the biomass conversion is reduced by a ratio
N−θ1B(t)−θ2S(t)θ1V(t).
Hence, biomass conversion efficiency is not a constant but depends on both energetic and nutrient limitations. Note that we can assume that salmon is a good-quality food source for bears since salmon is nutrient-rich. Following [6], we formulate the biomass conversion from vegetation consumption as
e2min{1,N−θ1B(t)−θ2S(t)θ1V(t)}.
Taking all the aforementioned evidence into consideration, we arrive at the model below
In the following analysis, we assume a linear functional response for both predation of the salmon and the vegetation, i.e., f(S)=βS and g(V)=δV. We analyze a special case where the element recycling for the vegetation is minimum and can be ignored, i.e., ϵ=0 and ψ=0.
In the following analysis, we restrict the positive invariant set Ω to be
Ω={(S,V,B):S>0,V>0,B>0,θ1B+θ2S+NVV<N},
where the population densities are bounded by the total element concentration N in the ecosystem.
3.
Mathematical analysis
3.1. Steady state solutions
We first analyze steady-state solutions of (2.2) when ϵ=0,ψ=0. The steady-state solutions are determined by
αS−βSB=0,
(3.1)
γV[1−Vmin{K,N−θ1B−θ2SNV}]−δVB=0,
(3.2)
e1βSB+e2min{1,N−θ1B−θ2Sθ1V}δVB−λB=0.
(3.3)
Here, (3.1) implies that S=0 or B=α/β. If salmon is at extinction, i.e., S=0, then (3.3) implies that
B=0ore2min{1,N−θ1Bθ1V}δV−λ=0.
If the bear population is at extinction, i.e., B=0, then (3.2) simplifies to
γV[1−Vmin{K,N/NV}]=0.
Therefore, we obtain an extinction equilibrium E0(0,0,0) and a vegetation-only equilibrium E1(0,min{K,N/NV},0) that always exist.
If
e2min{1,N−θ1Bθ1V}δV−λ=0,
then we have
V∗=λe2δ,ifδV≤δθ1(N−θ1B),
(3.4)
or
˜B=Nθ1−λe2δ,ifδV>δθ1(N−θ1B).
(3.5)
When (3.4) holds, (3.2) reduces to
γV∗[1−V∗min{K,N−θ1BNV}]−δV∗B=0.
(3.6)
If K<(N−θ1B)/NV, then (3.6) leads to
B∗=γδ(1−V∗K).
(3.7)
Therefore, a boundary equilibrium E2(0,V∗,B∗) exists if
{B∗<min{Nθ1−λe2δ,Nθ1−KNVθ1},V∗<K.
(3.8)
If K>(N−θ1B)/NV, then (3.6) simplifies to
γV∗−γNV(V∗)2N−θ1B=δV∗B,
(3.9)
which is equivalent to
Ω1B2+Ω2B+Ω3=0,
where Ω1=θ1δV∗,Ω2=−V∗(θ1γ+δN),Ω3=γV∗(N−NVV∗). By the invariant set Ω, we have B<N/θ1. We solve for B and reject the larger root to obtain
B∗∗=−Ω2−√Ω22−4Ω1Ω32Ω1.
Therefore, a boundary equilibrium E3(0,V∗,B∗∗) exists if
Nθ1−KNVθ1<B∗∗<Nθ1−λe2δ.
Finally, when (3.5) holds, (3.2) reduces to
γV[1−Vmin{K,N−θ1˜BNV}]−δV˜B=0.
(3.10)
Solving for V and rejecting the trivial solution leads to
˜V=γ−δ˜Bγmin{K,N−θ1˜BNV}.
Therefore, a boundary equilibrium E4(0,˜V,˜B) exists if
Nθ1>λe2δ,˜V>λe2δ.
Next, we analyze the existence of steady-state solutions when the bear population exists, i.e., ˆB=α/β. Substituting ˆB into (3.3) gives
e1βˆBS+e2min{δˆBV,δˆBθ1(N−θ1ˆB−θ2S)}−λˆB=0.
(3.11)
If δˆBV>[δˆB(N−θ1ˆB−θ2S)]/θ1, solving for S in (3.11) leads to
ˉS=θ1λ−e2δ(N−θ1ˆB)e1βθ1−e2δθ2.
(3.12)
We further substitute ˉS into (3.2) and obtain
γV[1−Vmin{K,(N−θ1ˆB−θ2ˉS)/NV}]−δˆBV=0.
(3.13)
By solving for V and denoting the positive solution by ˉV, we obtain
ˉV=min{K,N−θ1ˆB−θ2ˉSNV}(1−δˆBγ).
Therefore, a positive equilibrium E5(ˉS,ˉV,ˆB) exists if
Then, the characteristic equation follows as |μI−J|=0. By substituting each equilibrium into the characteristic equation, we are able to obtain the following theorems that state the stability results. The theorem below shows the stability of the bear-extinction equilibria.
Theorem 3.1.The trivial equilibrium E0(0,0,0) and the vegetation-only equilibrium E1(0,min{K,N/NV},0) are unstable.
Proof. By evaluating (3.18) at the trivial equilibrium E0 and solving the characteristic equation |μI−J|=0, we obtain the characteristic roots
μ1=α,μ2=γ,μ3=−λ,
which demonstrates that E0 is unstable.
Similar calculations give the characteristic roots at E1
The following theorem shows the stability results of the salmon-extinction equilibria E2,E3,E4.
Theorem 3.2.The salmon-extinction equilibrium E2 is locally asymptotically stable if α/β<B∗ and is unstable if otherwise. The salmon-extinction equilibrium E3 is locally asymptotically stable if α/β<B∗∗<γ/δ and is unstable if otherwise. The salmon-extinction equilibrium E4 is locally asymptotically stable if α/β<˜B<γ/δ and is unstable if otherwise.
Proof. Direct calculations lead to the characteristic equation at E2
(μ−(α−βB∗))(μ2−J22μ−J23J32)=0,
where J22=γ−(2γV∗)/K−δB∗,J23=−δV∗,J32=e2δB∗. By using (3.7), we can simplify J22=γ−(2γV∗)/K−δB∗=γ−(2γV∗)/K−γ(1−V∗/K)=−(γV∗)/K<0. It follows that μ1=α−βB∗,μ2+μ3=−(γV∗)/K<0,μ2μ3=δV∗e2δB∗>0. Therefore, E2 is locally asymptotically stable if μ1<0, i.e., (α/β)<B∗ and is unstable if otherwise.
Similarly, by evaluating (3.18) at E3, we obtain the characteristic equation at E3
This implies that μ1=α−βB∗∗,μ2+μ3=J22,μ2μ3=−J23J32>0. By using (3.9), we can further simplify J22=γ−2(γ−δB∗∗)−δB∗∗=δB∗∗−γ. Therefore, E3 is locally asymptotically stable if μ1<0 and μ2+μ3<0, which are equivalent to α/β<B∗∗<γ/δ.
Finally, direct calculations give the characteristic equation at E4
We can further simplify J22 by using (3.10) to obtain J22=δ˜B−γ. Moreover, J33<0 is satisfied automatically when E4 exists. Therefore, E4 is locally asymptotically stable if α/β<˜B<γ/δ and is unstable otherwise.
Finally, the following theorem shows the local stabilities of the positive equilibria E5,E6,E7.
Theorem 3.3.The positive equilibrium E5(ˉS,ˉV,ˆB) is locally asymptotically stable if e1βθ1>e2δθ2 and is unstable if otherwise. The positive equilibrium E6(ˆS,ˆV,ˆB) is locally asymptotically stable if
e2δ(δ−β)K(γ−δˆB)γ+βλ>0
and is unstable if otherwise. The positive equilibrium E7(S+,V+,ˆB) is always unstable.
Proof. Direct calculations give the characteristic equation at E5
which is satisfied when E7 exists. Moreover, J22(J23J32+J13J31)>J13(J31J22−J21J32) is equivalent to J22J23+J13J21>0. It remains to verify that J13(J31J22−J21J32)>0 or equivalently J31J22−J21J32<0. Here J31J22−J21J32<0 can be simplified to 0<−γθ2NVe2δV2 by substituting (3.14) and (3.17), which leads to the contradiction. Therefore, E7 is always unstable when exists. Thus, completes the proof.
4.
Numerical simulations
4.1. Simulation of (2.2) with a linear predation
Now we explore the dynamics of (2.2) numerically. For the numerical simulation, we will be assuming that the salmon-bear-vegetation ecological system lies within the riparian forests of Alaska. More specifically, we will be looking at a 100km2 region of Lynx Creek, a tributary of the Wood River Lakes system in the Bristol Bay region of southwestern Alaska, USA (59∘29′N,158∘55′W)[2]. This is a well-documented region where we will be able to get accurate values for our parameters. Based on data from [2], we explore the following scenarios by using biologically realistic parameters.
Figure 1 shows that the salmon-extinction boundary equilibrium is locally asymptotically stable. In particular, 1(a) demonstrates that E2 is locally asymptotically stable, whereas both E3,E4 do not exist under the parameter set. Figure 1(b) indicates that E3 is locally asymptotically stable, whereas both E2,E4 do not exist under the parameter set. Moreover, Figure 1(c) shows that E4 is locally asymptotically stable, whereas both E2,E3 do not exist under the parameter set. Via our extensive numerical experiments, we find that E2 cannot coexist with either/both E3,E4.Figure 2 demonstrates that all salmon, vegetation and bear populations coexist together. Figure 2(a) shows that the positive equilibrium E5 is locally asymptotically stable, whereas E6 does not exist under the parameter set. Figure 2(b) shows that the positive equilibrium E6 is locally asymptotically stable, whereas E5 does not exist under the parameter set.
Figure 1.
Locally asymptotically stable E2,E3,E4 respectively. Parameter values for 1(a): α=0.008,β=0.3507,γ=1.1036,K=6.8951,N=0.9533,θ1=0.2371, θ2=0.1371,NV=0.0115,δ=0.6217, e1=0.5676,e2=0.8817,λ=0.5088. Parameter values for 1(b): α=0.9746, β=0.6764,γ=1.4623,K=35.4971,N=0.9610,θ1=0.2046,θ2=0.1046,NV=0.0367, δ=0.7535,e1=0.4830,e2=0.3214,λ=0.6319. Parameter values for 1(c): α=0.8815,β=0.9483,γ=9.7637,K=33.1267,N=0.6990,θ1=0.2623,θ2=0.1623, NV=0.0873,δ=0.8055,e1=0.1425,e2=0.1705,λ=0.1755.
Next, we explore how the vegetation growth rate impacts the long-term dynamics of (2.2). We generate Figure 3 by using the same set of parameter as Figure 2(b) but varying γ.Figure 3(a) demonstrates that a small vegetation growth rate drives the vegetation population to extinction, whereas salmon coexist with bears, but the populations oscillate periodically. On the other hand, the salmon population goes to extinction, but the vegetation coexists with bears at a steady state when γ is large. The results are reasonable biologically because a small vegetation growth rate cannot sustain the persistence of the vegetation population. However, a large vegetation growth rate facilitates the nitrogen recycling of the vegetation, which supports the bear population via consumption but drives the salmon population to extinction due to the scarcity of nitrogen.
Figure 3.
Salmon, vegetation and bear populations over time with small γ (3(a)) or large γ (3(b)). The parameters are the same as Figure 2(b) except γ, where γ=0.5 for 3(a) and γ=1.2 for 3(b).
Finally, Figure 4(a) demonstrates another scenario where the salmon, bear and vegetation coexist but the populations oscillate periodically. However, Figure 4(b) shows that a larger vegetation growth rate may stabilize the oscillating populations to a steady state.
Figure 4.
Salmon, vegetation and bear populations over time with small γ (4(a)) or large γ (4(b)). The parameters values are α=2,β=1.2,K=15,N=1.2,θ1=0.1,θ2=0.15,NV=0.1, δ=0.9,e1=0.8,e2=0.1,λ=1.8,γ=1.6 for 4(a), and γ=4 for 4(b).
4.2. Simulation of (2.2) with a logistic growth of the salmon population and Holling type Ⅱ predation
Next, we explore the extended model of (2.2) where the salmon population follows a logistic growth
S′(t)=αS(1−SK1)−f(S)B.
We consider that the predation of the salmon and the vegetation now follow the Holling type Ⅱ functional response [15]
f(S)=βSh1+S,g(V)=δVh2+V,
where h1,h2 represent the half-saturating constants respectively.
Figure 5(a) demonstrates the bifurcation diagram of the salmon population with respect to the salmon carrying capacity K1. Moreover, Figure 5(b) demonstrates the bifurcation diagram of the vegetation population with respect to K1. The bifurcation diagram of the bear population with respect to K1 is similar to Figure 5(a) and is thus omitted. Figure 5 shows that the salmon, vegetation and bear populations coexist at a steady state if the salmon carrying capacity is relatively small. However, when K1 increases and passes 4.1, the vegetation population goes to extinction, whereas the salmon population coexists with the bear population at a steady state. Moreover, when K1 further increases and passes 5.7, the vegetation population remains at extinction, but the salmon and bear populations oscillate periodically. The results are biologically reasonable because if the salmon carrying capacity is relatively small, the salmon, vegetation and bear compete for the nutrients but coexist due to the scarcity of the salmon population. However, if the salmon carrying capacity is at the intermediate range, the competition for nutrients drives the vegetation population to extinction because the salmon and bear are more nutrient-rich. Finally, a large salmon carrying capacity destabilizes the coexistence steady-state of the salmon and bear due to the enrichment of salmon.
Figure 5.
Bifurcation diagram of the salmon population/vegetation population with respect to the salmon carrying capacity K1 for 5(a) and 5(b) respectively. The parameters values are the same as 3(a) except β=4.7875,δ=4.538,h1=5,h2=5.
Next, to compare the dynamics of the salmon-vegetation-bear model with the grazer-consumer model in [6], we run the simulation by using the same set of parameters as in [6], except the salmon carrying capacity K1 and the half-saturating constant of the salmon consumption h1.Figure 6 shows the bifurcation diagram of the salmon population/vegetation population/bear population with respect to the vegetation carrying capacity K respectively. If K is relatively small, Figure 6 shows that the salmon, bear and vegetation populations coexist at a steady state. However, when K increases and passes 0.24, the salmon population goes to extinction, whereas the vegetation and bear populations coexist at a steady state. If K further increases and passes 0.55, the vegetation and bear coexist but the populations oscillate periodically. If K further increases and passes 0.97, the vegetation and bear populations coexist but return to the steady state status. Finally, if K becomes relatively large and passes 1.5, the salmon population is no longer extinct but coexists with the vegetation and bear populations at a steady state.
Figure 6.
Bifurcation diagram of the salmon population/vegetation population/bear population with respect to the vegetation carrying capacity K for 6(a), 6(b) and 6(c) respectively. Parameters values: α=0.8,β=0.95,γ=1.2,N=0.025,θ1=0.03,θ2=0.03,NV=0.0038, δ=0.81,e1=0.9,e2=0.8,λ=0.25,K1=0.3,h1=0.25,h2=0.25.
Overall, when K is within the intermediate range, i.e., the salmon population is at extinction, Figures 6(a), 6(b) and 6(c) demonstrate similar dynamics with the producer-grazer model in [6]. The vegetation-bear coexistent steady state loses stability due to energy enrichment. However, a larger carrying capacity limited by the light energy drives the oscillating vegetation and bear populations to a steady state because of the competition for nutrients. Different from the results in [6], the bear population does not go to extinction but coexists with either/both salmon or/and vegetation populations when K is relatively small or large. The results suggest that a low or high carrying capacity limited by light energy facilitates the persistence of all salmon, vegetation and bear populations. Moreover, an intermediate carrying capacity limited by light energy drives the salmon population to extinction.
5.
Conclusions and discussion
In this paper, we study an ecosystem of bears, salmon and vegetation, where bears consume salmon and vegetation for survival. Because salmon return to their natal streams to spawn and carry marine-derived nutrients, it is important to characterize the nutritional level difference between salmon, bears, and vegetation. In general, salmon and bears are more nutrient-rich compared to vegetation but must maintain homeostasis of the nutritional level within their bodies. On the other side, vegetation is less nutrient-rich but can recycle the remaining nutrient in the environment and the nutritional level within the body may differ significantly.
We propose a stoichiometric predator-prey model that tracks both the energy flow and the nutrient recycling from one trophic level to another. Analytical results show that boundary equilibria E0,E1 where bears are extinct exist but are always unstable. Moreover, boundary equilibria E2,E3,E4 where salmon are extinct but bears persist may exist and remain locally asymptotically stable if certain conditions are satisfied. Positive equilibria E5,E6,E7 where salmon, bears and vegetation coexist may exist if certain conditions are satisfied. Analyses show that E5 and E6 may remain locally asymptotically stable under certain conditions, but E7 is always unstable.
Numerical simulations demonstrate that a small vegetation growth rate may drive the vegetation population to extinction where the salmon population and the bear population coexist in the periodic setting. Moreover, a large vegetation growth rate may drive the salmon population to extinction but the vegetation coexists with the bears at a steady state. Alternatively, the salmon, bears and vegetation populations may coexist periodically. In this scenario, a large vegetation growth rate may stabilize the system and drive the salmon, bear and vegetation to coexist at a steady state.
In this paper, for the analytical analysis, we adopt the linear functional response for the predation of the salmon and the predation of the vegetation in (2.2) for simplicity. However, a linear functional response has its limitation and is more suitable for an ecosystem with a sparse population density. A Holling type Ⅱ functional response has a saturating effect when population density becomes large and therefore may be suitable for a broader regime [15]. Figures 5 and 6 in the simulation also confirm that rich dynamics may occur if the Holling type Ⅱ functional response is adopted. Because of the nonlinearity of the Holling type Ⅱ functional response, we expect that the analytical analysis becomes more challenging but on the other hand may deepen our understanding of the ecosystem of keystone species, which leaves as future works.
Use of AI tools declaration
The authors declare they have not used Artificial Intelligence (AI) tools in the creation of this article.
Acknowledgments
CM is grateful for funding from the NSERC USRA. XW is grateful for funding from the NSERC of Canada (RGPIN-2020-06825 and DGECR-2020-00369).
Conflict of interest
The authors declare there is no conflict of interest.
References
[1]
R. M. Balajee, M. K. J. Kannan, Intrusion detection on AWS cloud through hybrid deep learning algorithm, Electronics, 12 (2023), 1423. https://doi.org/10.3390/electronics12061423 doi: 10.3390/electronics12061423
[2]
M. J. Kaur, V. P. Mishra, P. Maheshwari, The convergence of digital twin, IoT, and machine learning: transforming data into action, in Digital Twin Technologies and Smart Cities, Springer, (2020), 3–17. https://link.springer.com/chapter/10.1007/978-3-030-18732-3_1
[3]
O. Abualghanam, H. Alazzam, B. Elshqeirat, M. Qatawneh, M. A. Almaiah, Real-time detection system for data exfiltration over DNS tunneling using machine learning, Electronics, 12 (2020), 1467. https://doi.org/10.3390/electronics12061467 doi: 10.3390/electronics12061467
[4]
B. Axelsson, G. Easton, Industrial Networks (Routledge Revivals): A New View of Reality, Routledge, 1992.
[5]
P. C. Smith, L. Hellman, Small Group Analysis in Industrial Networks, Routledge, 1992.
[6]
H. Pourrahmani, A. Yavarinasab, R. Zahedi, A. Gharehghani, M. H. Mohammadi, P. Bastani, et al., The applications of Internet of Things in the automotive industry: a review of the batteries, fuel cells, and engines, Internet Things, 19 (2022), 100579. https://doi.org/10.1016/j.iot.2022.100579 doi: 10.1016/j.iot.2022.100579
[7]
Y. Yang, K. McLaughlin, T. Littler, S. Sezer, H. F. Wang, Rule-based intrusion detection system for SCADA networks, in 2nd IET Renewable Power Generation Conference, 2013. https://doi.org/10.1049/cp.2013.1729
E. D. Knapp, J. T. Langill, Industrial Network Security: Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems, Elsevier, 2015.
[11]
S. Hong, C. Lv, T. Zhao, B. Wang, J. Wang, J. Zhu, Cascading failure analysis and restoration strategy in an interdependent network, J. Phys. A: Math. Theor., 49 (2016), 195101. https://doi.org/10.1088/1751-8113/49/19/195101 doi: 10.1088/1751-8113/49/19/195101
[12]
A. Kwasinski, W. Weaver, P. L. Chapman, P. T. Krein, Telecommunications power plant damage assessment for hurricane Katrina–site survey and follow-up results, IEEE Syst. J., 3 (2009), 277–287. https://doi.org/10.1109/JSYST.2009.2026783 doi: 10.1109/JSYST.2009.2026783
[13]
R. M. Lee, M. J. Assante, T. Conway, Analysis of the cyber attack on the Ukrainian power grid, Electr. Inf. Sharing Anal. Cent., 388 (2016), 1–29.
[14]
J. Angséus, R. Ekbom, Network-Based Intrusion Detection Systems for Industrial Control Systems, Master's thesis, University of Gothenburg, Gothenburg, 2017.
[15]
H. Y. Kwon, T. Kim, M. K. Lee, Advanced intrusion detection combining signature-based and behavior-based detection methods, Electronics, 11 (2022), 867. https://doi.org/10.3390/electronics11060867 doi: 10.3390/electronics11060867
[16]
Y. Jia, M. Wang, Y. Wang, Network intrusion detection algorithm based on deep neural network, IET Inf. Secur., 13 (2019), 48–53. https://doi.org/10.1049/iet-ifs.2018.5258 doi: 10.1049/iet-ifs.2018.5258
[17]
F. Rustam, M. F. Mushtaq, A. Hamza, M. S. Farooq, A. D. Jurcut, I. Ashraf, Denial of service attack classification using machine learning with multi-features, Electronice, 11 (2022), 3817. https://doi.org/10.3390/electronics11223817 doi: 10.3390/electronics11223817
[18]
N. Naz, M. A. Khan, S. A. Alsuhibany, M. Diyan, Z. Tan, M. Almas Khan, et al., Ensemble learning-based IDS for sensors telemetry data in IoT networks, Math. Biosci. Eng., 19 (2022), 10550–10580. https://doi.org/10.3934/mbe.2022493 doi: 10.3934/mbe.2022493
[19]
S. Agrawal, S. Sarkar, O. Aouedi, G. Yenduri, K. Piamrat, S. Bhattacharya, et al., Federated learning for intrusion detection system: Concepts, challenges and future directions, arXiv preprint, (2022), arXiv: 2106.09527. https://doi.org/10.48550/arXiv.2106.09527
[20]
M. Almseidin, M. Alkasassbeh, An accurate detection approach for IoT botnet attack using interpolation reasoning method, Information, 13 (2022), 300. https://doi.org/10.3390/info13060300 doi: 10.3390/info13060300
[21]
F. Zhai, T. Yang, H. Chen, B. He, S. Li, Intrusion detection method based on CNN–GRU–FL in a smart grid environment, Electronics, 12 (2023), 1164. https://doi.org/10.3390/electronics12051164 doi: 10.3390/electronics12051164
[22]
M. Cheminod, L. Durante, A. Valenzano, Review of security issues in industrial networks, IEEE Trans. Ind. Inf., 9 (2013), 277–293. https://doi.org/10.1109/TII.2012.2198666 doi: 10.1109/TII.2012.2198666
[23]
S. Hong, J. Zhu, L. A. Braunstein, T. Zhao, Q. You, Cascading failure and recovery of spatially interdependent networks, J. Stat. Mech: Theory Exp., 2017 (2017). https://doi.org/10.1088/1742-5468/aa8c36
[24]
I. Butun, M. Almgren, V. Gulisano, M. Papatriantafilou, Intrusion detection in industrial networks via data streaming, in Industrial IoT, Springer, (2020), 213–238. https://doi.org/10.1007/978-3-030-42500-5_6
[25]
L. Zang, D. Ma, A hybrid approach toward efficient and accurate intrusion detection for in-vehicle networks, IEEE Access, 10 (2022), 10852–10866. https://doi.org/10.1109/ACCESS.2022.3145007 doi: 10.1109/ACCESS.2022.3145007
[26]
R. Vinayakumar, M. Alazab, K. P. Soman, P. Poornachandran, A. Al-Nemrat, S. Venkatraman, Deep learning approach for intelligent intrusion detection system, IEEE Access, 7 (2019), 41525–41550. https://doi.org/10.1109/ACCESS.2019.2895334 doi: 10.1109/ACCESS.2019.2895334
[27]
G. M. D. Teyou, J. Ziazet, Convolutional neural network for intrusion detection system in cyber-physical systems, arXiv preprint, (2019), arXiv: 1905.03168. https://doi.org/10.48550/arXiv.1905.03168
[28]
X. Wang, S. Yin, H. Li, J. Wang, L. Teng, A network intrusion detection method based on deep multi-scale convolutional neural network, Int. J. Wireless Inf. Networks, 27 (2020), 503–517. https://doi.org/10.1007/s10776-020-00495-3 doi: 10.1007/s10776-020-00495-3
[29]
S. Ullah, J. Ahmad, M. A. Khan, E. H. Alkhammash, M. Hadjouni, Y. Y. Ghadi, et al., A new intrusion detection system for the Internet of Things via deep convolutional neural network and feature engineering, Sensors, 22 (2022), 3607. https://doi.org/10.3390/s22103607 doi: 10.3390/s22103607
[30]
S. Hong, T. Yue, H. Liu, Vehicle energy system active defense: a health assessment of lithium-ion batteries, Int. J. Intell. Syst., 37 (2022), 10081–10099. https://doi.org/10.1002/int.22309 doi: 10.1002/int.22309
[31]
M. Cheminod, L. Durante, A. Valenzano, Review of security issues in industrial networks, IEEE Trans. Ind. Inf., 9 (2012), 277–293. https://doi.org/10.1109/TII.2012.2198666 doi: 10.1109/TII.2012.2198666
[32]
S. D. D. Anton, S. Sinha, H. D. Schotten, Anomaly-based intrusion detection in industrial data with SVM and random forests, arXiv preprint, (2019), arXiv: 1907.10374. https://doi.org/10.48550/arXiv.1907.10374
[33]
Z. Wang, Z. Li, D. He, S. Chan, A lightweight approach for network intrusion detection in industrial cyber-physical systems based on knowledge distillation and deep metric learning, Expert Syst. Appl., 206, (2022), 117671. https://doi.org/10.1016/j.eswa.2022.117671
[34]
S. Potluri, S. Ahmed, C. Diedrich, Securing industrial control systems from false data injection attacks with convolutional neural networks, in Development and Analysis of Deep Learning Architectures, Springer, (2020), 197–222. https://doi.org/10.1007/978-3-030-31764-5_8
[35]
S. Potluri, S. Ahmed, C. Diedrich, Convolutional neural networks for multi-class intrusion detection system, in Mining Intelligence and Knowledge Exploration, Springer, (2018), 225–238. https://doi.org/10.1007/978-3-030-05918-7_20
[36]
Y. Zhu, Y. Zi, J. Xu, Transfer learning-based SAE-CNN for industrial data processing in multiple working conditions recognition, in 2022 IEEE International Conference on Prognostics and Health Management (ICPHM), (2022), 167–172. https://doi.org/10.1109/ICPHM53196.2022.9815720
[37]
T. Cruz, L. Rosa, J. Proença, L. Maglaras, M. Aubigny, L. Lev, et al., A cybersecurity detection framework for supervisory control and data acquisition systems, IEEE Trans. Ind. Inf., 12 (2016), 2236–2246. https://doi.org/10.1109/TII.2016.2599841\newpage doi: 10.1109/TII.2016.2599841
[38]
S. Huda, J. Yearwood, M. M. Hassan, A. Almogren, Securing the operations in SCADA-IoT platform based industrial control system using ensemble of deep belief networks, Appl. Soft Comput., 71 (2018), 66–77. https://doi.org/ 10.1016/j.asoc.2018.06.017 doi: 10.1016/j.asoc.2018.06.017
[39]
J. Jiao, X. J. Zheng, Fault diagnosis method for industrial robots based on DBN joint information fusion technology, Comput. Intell. Neurosci., 2022 (2022). https://doi.org/10.1155/2022/4340817
[40]
K. Lu, G. Zeng, X. Luo, J. Weng, W. Luo, Y. Wu, Evolutionary deep belief network for cyber-attack detection in industrial automation and control system, IEEE Trans. Ind. Inf., 17 (2021), 7618–7627. https://doi.org/10.1109/TII.2021.3053304 doi: 10.1109/TII.2021.3053304
[41]
A. A. Suzen, Developing a multi-level intrusion detection system using hybrid-DBN, J. Ambient Intell. Hum. Comput., 12 (2021), 1913–1923. https://doi.org/10.1007/s12652-020-02271-w doi: 10.1007/s12652-020-02271-w
[42]
S. Zhang, J. Lai, Q. Yao, Traffic anomaly detection model of electric power industrial control based on DBN-LSTM, in 2021 IEEE 23rd Int Conf on High Performance Computing, Communications; 7th Int Conf on Data Science, Systems; 19th Int Conf on Smart City; 7th Int Conf on Dependability in Sensor, Cloud, Big Data Systems, Application, (2021), 1902–1907. https://doi.org/10.1109/HPCC-DSS-SmartCity-DependSys53884.2021.00284
[43]
G. Meena, R. R. Choudhary, A review paper on IDS classification using KDD 99 and NSL KDD dataset in WEKA, in 2017 International Conference on Computer, Communications and Electronics (Comptelix), (2017), 553–558. https://doi.org/10.1109/COMPTELIX.2017.8004032
[44]
L. Whaley, The critical institutional analysis and development (CIAD) framework, Int. J. Commons, 12 (2018). https://doi.org/10.18352/ijc.848
[45]
P. Foremski, C. Callegari, M. Pagano, Waterfall: Rapid identification of IP flows using cascade classification, in Computer Networks, (2014), 14–23. https://doi.org/10.1007/978-3-319-07941-7_2
[46]
R. Zuech, T. Khoshgoftaar, N. Seliya, M. M. Najafabadi, C. Kemp, A new intrusion detection benchmarking system, in Proceedings of the Twenty-Eighth International Florida Artificial Intelligence Research Society Conference, 2015.
[47]
K. M. A. Alheeti, A. Alzahrani, O. H. Jasim, D. Al-Dosary, H. M. Ahmed, M. S. Al-Ani, Intelligent detection system for multi-step cyber-attack based on machine learning, in 2023 15th International Conference on Developments in eSystems Engineering (DeSE), (2023), 510–514. https://doi.org/10.1109/DeSE58274.2023.10100226
[48]
M. Almseidin, J. Al-Sawwa, M. Alkasassbeh, Generating a benchmark cyber multi-step attacks dataset for intrusion detection, J. Intell. Fuzzy Syst., 43 (2022), 3679–3694. https://doi.org/10.3233/JIFS-213247 doi: 10.3233/JIFS-213247
[49]
S. Suthaharan, T. Panchagnula, Relevance feature selection with data cleaning for intrusion detection system, in 2012 Proceedings of IEEE Southeastcon, (2012), 1–6. https://doi.org/10.1109/SECon.2012.6196965
[50]
M. Bahrololum, E. Salahi, M. Khaleghi, Machine learning techniques for feature reduction in intrusion detection systems: A comparison, in 2009 Fourth International Conference on Computer Sciences and Convergence Information Technology, (2009), 1091–1095. https://doi.org/10.1109/ICCIT.2009.89
[51]
J. W. Osborne, Best Practices in Data Cleaning: A Complete Guide to Everything You Need to Do Before and After Collecting Your Data, SAGE Publications, 2013. https://doi.org/10.4135/9781452269948
[52]
W. McKinney, Pandas: A foundational Python library for data analysis and statistics, Python High Perform. Sci. Comput., 14 (2011), 1–9.
[53]
K. Farhana, M. Rahman, M. T. Ahmed, An intrusion detection system for packet and flow-based networks using a deep neural network approach, Int. J. Electr. Comput. Eng., 10 (2020), 5514–5525. https://doi.org/10.11591/ijece.v10i5.pp5514-5525 doi: 10.11591/ijece.v10i5.pp5514-5525
[54]
D. T. Dantas, H. Li, T. Charton, L. Chen, R. Zhang, Machine learning based anomaly-based intrusion detection system in a full digital substation, in 15th International Conference on Developments in Power System Protection, 2020. https://doi.org/10.1049/cp.2020.0049
[55]
W. Wang, X. Zhang, S. Gombault, S. J. Knapskog, Attribute normalization in network intrusion detection, in 2009 10th International Symposium on Pervasive Systems, Algorithms, and Networks, (2009), 448–453. https://doi.org/10.1109/I-SPAN.2009.49
[56]
A. Tesfahun, D. L. Bhaskari, Intrusion detection using random forests classifier with SMOTE and feature reduction, in 2013 International Conference on Cloud & Ubiquitous Computing & Emerging Technologies, (2013), 127–132. https://doi.org/10.1109/CUBE.2013.31
[57]
B. Yan, G. Han, M. Sun, S. Ye, A novel region adaptive SMOTE algorithm for intrusion detection on imbalanced problem, in 2017 3rd IEEE International Conference on Computer and Communications (ICCC), (2017), 1281–1286. https://doi.org/10.1109/CompComm.2017.8322749
[58]
J. Han, W. Pak, High performance network intrusion detection system using two-stage LSTM and incremental created hybrid features, Electronics, 12 (2023), 956. https://doi.org/10.3390/electronics12040956 doi: 10.3390/electronics12040956
[59]
J. Kim, J. Kim, H. Kim, M. Shim, E. Choi, CNN-based network intrusion detection against denial-of-service attacks, Electronics, 9 (2020), 916. https://doi.org/10.3390/electronics9060916 doi: 10.3390/electronics9060916
[60]
M. Azizjon, A. Jumabek, W. Kim, 1D CNN-based network intrusion detection with normalization on imbalanced data, in 2020 International Conference on Artificial Intelligence in Information and Communication (ICAIIC), (2020), 218–224. https://doi.org/10.1109/ICAIIC48513.2020.9064976
[61]
S. Albawi, T. A. Mohammed, S. Al-Zawi, Understanding of a convolutional neural network, in 2017 International Conference on Engineering and Technology (ICET), (2017), 1–6. https://doi.org/10.1109/ICEngTechnol.2017.8308186
[62]
Q. Zhang, M. Zhang, T. Chen, Z. Sun, Y. Ma, B. Yu, Recent advances in convolutional neural network acceleration, arXiv preprint, (2019), arXiv: 1807.08596. https://doi.org/10.48550/arXiv.1807.08596
[63]
R. Vinayakumar, K. P. Soman, P. Poornachandran, Applying convolutional neural network for network intrusion detection, in 2017 International Conference on Advances in Computing, Communications and Informatics (ICACCI), (2017), 1222–1228. https://doi.org/10.1109/ICACCI.2017.8126009
[64]
P. Liu, An intrusion detection system based on convolutional neural network, in Proceedings of the 2019 11th International Conference on Computer and Automation Engineering, (2019), 62–67. https://doi.org/10.1145/3313991.3314009
[65]
N. Gupta, P. Bedi, V. Jindal, Effect of activation functions on the performance of deep learning algorithms for network intrusion detection systems, in Proceedings of ICETIT 2019, Springer, (2020), 949–960. https://doi.org/10.1007/978-3-030-30577-2_84
[66]
H. Jia, J. Liu, M. Zhang, X. He, W. Sun, Network intrusion detection based on IE-DBN model, Comput. Commun., 178 (2021), 131–140. https://doi.org/10.1016/j.comcom.2021.07.016 doi: 10.1016/j.comcom.2021.07.016
[67]
S. Ullah, M. A. Khan, J. Ahmad, S. S. Jamal, Z. Huma, M. T. Hassan, et al., HDL-IDS: a hybrid deep learning architecture for intrusion detection in the Internet of Vehicles, Sensors, 22 (2022), 1340. https://doi.org/10.3390/s22041340 doi: 10.3390/s22041340
Muhammad Hassan Jamal, Muazzam A Khan, Safi Ullah, Mohammed S. Alshehri, Sultan Almakdi, Umer Rashid, Abdulwahab Alazeb, Jawad Ahmad. Multi-step attack detection in industrial networks using a hybrid deep learning architecture[J]. Mathematical Biosciences and Engineering, 2023, 20(8): 13824-13848. doi: 10.3934/mbe.2023615
Muhammad Hassan Jamal, Muazzam A Khan, Safi Ullah, Mohammed S. Alshehri, Sultan Almakdi, Umer Rashid, Abdulwahab Alazeb, Jawad Ahmad. Multi-step attack detection in industrial networks using a hybrid deep learning architecture[J]. Mathematical Biosciences and Engineering, 2023, 20(8): 13824-13848. doi: 10.3934/mbe.2023615