Deep Representation Learning for Cyber-Attack Detection in Industrial IoT

AI-Enabled Threat Detection and Security Analysis for Industrial IoT

Abstract

Industrial Control Systems (ICSs), one type of Operational Technology (OT), play an essential role in monitoring and controlling critical infrastructures such as power plants, smart grids, oil and gas industries, and transportation. To protect ICSs from cyber-attacks, they were placed on isolated communication networks, where they were relatively obscure and unknown to most attackers. Integrating the Internet of Things (IoT) into ICSs opens up the possibility of remote monitoring, access, and control of the critical infrastructure (CI), leading to more agile and efficient systems. This is called the Industrial Internet of Things (IIoT). However, this integration increases the vulnerability of ICSs to cyber-attacks. Because of the environments in which IIoT and ICSs operate, a compromise of the system may pose severe danger to human life or the environment. The growing number of cyber-attacks against IIoT in recent years raises significant concern about the need for proper and timely security solutions for these systems. Moreover, because of the differences between IT and OT networks, IT cyber-security tools and systems are not suitable for IIoT. These differences include network protocols and types of assets. In addition, IT networks focus mainly on managing network throughput, while OT focuses on reliability and punctuality. This chapter discusses cyber-attack detection in IIoT using Machine Learning (ML) techniques and proposes an unsupervised deep representation learning approach to handle imbalanced IIoT data. The new representation was evaluated on seven IIoT datasets and compared with six other ML techniques in terms of accuracy, precision, recall, and f-measure.

Correspondence to Amir Namavar Jahromi.

© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this chapter

Jahromi, A.N., Karimipour, H., Dehghantanha, A., Parizi, R.M. (2021). Deep Representation Learning for Cyber-Attack Detection in Industrial IoT. In: Karimipour, H., Derakhshan, F. (eds) AI-Enabled Threat Detection and Security Analysis for Industrial IoT. Springer, Cham. https://doi.org/10.1007/978-3-030-76613-9_8

  • DOI: https://doi.org/10.1007/978-3-030-76613-9_8

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-76612-2

  • Online ISBN: 978-3-030-76613-9

  • eBook Packages: Computer Science (R0)
