A deep hybrid learning model for detection of cyber attacks in industrial IoT devices

  • ORIGINAL ARTICLE
The International Journal of Advanced Manufacturing Technology

Abstract

With the rapid advancement of wireless technology, the problem of cybersecurity monitoring and detection of cyber-attacks has been receiving widespread attention from industry and academia. The consequences of an undetected cyber-attack in a manufacturing system are not limited to intellectual property theft and cost. They may include destroying equipment, changing product plans, or altering processes. This paper proposes a deep hybrid learning model to improve network intrusion detection systems. To this end, the data set is first normalized and preprocessed. Afterward, deep hybrid learning models that integrate Attention-based Long Short-Term Memory (ALSTM) and Fully Convolutional Neural Network (FCN) with Gradient Boosting, such as Extreme Gradient Boosting (XGBoost) and Adaptive Boost (AdaBoost), are constructed to detect anomalies in the traffic data of Industrial Internet of Things (IIoT) devices. The proposed model managed to detect cybersecurity threats in seven different IIoT devices with high performance measures. The results reveal that deep hybrid learning can ideally detect cyber-security attacks and be versatile in detecting different types of attacks.


Data availability

All the data have been presented in the manuscript.


Funding

The reported research work received partial financial support from the Office of Naval Research MEEP Program (Award Number: N00014-19–1-2728) as well as from the Lutcher Brown Distinguished Chair Professorship fund of the University of Texas at San Antonio.

Author information

Contributions

All authors contributed to this paper’s conception and design. Material preparation, data collection, and analysis were performed by Mohammad Shahin, Hamed Bouzary, and Ali Hosseinzadeh. In addition, Mohammad Shahin wrote the first draft of the manuscript, and Rasoul Rashidifar commented on previous versions. Finally, all authors read and approved the final manuscript.

Corresponding author

Correspondence to F. Frank Chen.

Ethics declarations

Ethics approval

The paper follows the guidelines of the Committee on Publication Ethics (COPE).

Consent to participate

The authors declare that they all consent to participate in this research.

Consent for publication

The authors declare that they all consent to publish the manuscript.

Competing interests

The authors declare no competing interests.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.


About this article


Cite this article

Shahin, M., Chen, F.F., Hosseinzadeh, A. et al. A deep hybrid learning model for detection of cyber attacks in industrial IoT devices. Int J Adv Manuf Technol 123, 1973–1983 (2022). https://doi.org/10.1007/s00170-022-10329-6


  • DOI: https://doi.org/10.1007/s00170-022-10329-6
