
RLET: a lightweight model for ubiquitous multi-class intrusion detection in sustainable and secured smart environment

  • Regular Contribution
International Journal of Information Security

Abstract

In today’s data-driven society, every device produces data every day, and digitalization has turned all data digital. Technological advancements have also made access to any kind of data effortless. Cyber-attacks on a network put both the network and its data at risk, and data that gets into the wrong hands might be very challenging to manage. Therefore, the best way to deal with this issue is to prevent any kind of cyber-attack before it starts, through early detection. The suggested model, RLET, is a soft voting ensemble of the random forest, light gradient boosting and extra tree classifiers. This architecture creates a robust, quick and lightweight machine learning model that helps to overcome this challenge and makes it widely usable. RLET combines three tree-based models in a soft voting ensemble with improved memory optimization characteristics. Each model quickly processes a certain component of the data to maintain speed, and ensembling enables the model to maintain efficiency. For multi-class intrusion detection, the suggested model achieved an AUC-ROC score of 99.79 for the gas pipeline dataset and 99.76 for the water pipeline dataset.
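The soft voting step named in the abstract, as an added example that is not the authors' code: it averages three models' class probabilities, contrasts the result with hard (majority) voting, and scores the averaged probabilities with a macro one-vs-rest AUC-ROC. The class names, the probability values and the choice of macro one-vs-rest averaging are assumptions made for illustration.

```python
# Constructed data: (true class index, [RF, LightGBM, ExtraTrees] class probabilities).
CLASSES = ["normal", "dos", "recon"]  # hypothetical class names
SAMPLES = [
    (1, [[0.50, 0.45, 0.05], [0.48, 0.47, 0.05], [0.05, 0.90, 0.05]]),
    (0, [[0.90, 0.05, 0.05], [0.80, 0.10, 0.10], [0.70, 0.20, 0.10]]),
    (2, [[0.10, 0.20, 0.70], [0.20, 0.20, 0.60], [0.30, 0.10, 0.60]]),
    (0, [[0.60, 0.30, 0.10], [0.50, 0.30, 0.20], [0.70, 0.20, 0.10]]),
    (1, [[0.70, 0.20, 0.10], [0.70, 0.20, 0.10], [0.70, 0.20, 0.10]]),
]

def argmax(vec):
    return max(range(len(vec)), key=vec.__getitem__)

def soft_vote(model_probs, weights=None):
    """Weighted mean of the models' probability vectors."""
    weights = weights or [1.0] * len(model_probs)
    return [sum(w * p[c] for w, p in zip(weights, model_probs)) / sum(weights)
            for c in range(len(model_probs[0]))]

def hard_vote(model_probs):
    """Majority of per-model argmax labels; ties go to the lowest class index."""
    votes = [argmax(p) for p in model_probs]
    return max(sorted(set(votes)), key=votes.count)

def auc_binary(scores, is_positive):
    """Fraction of (positive, negative) pairs ranked correctly; ties count half."""
    pos = [s for s, y in zip(scores, is_positive) if y]
    neg = [s for s, y in zip(scores, is_positive) if not y]
    return sum((p > n) + 0.5 * (p == n) for p in pos for n in neg) / (len(pos) * len(neg))

def macro_ovr_auc(probs, labels):
    """One-vs-rest AUC for each class, then an unweighted mean over classes."""
    k = len(probs[0])
    return sum(auc_binary([p[c] for p in probs], [y == c for y in labels])
               for c in range(k)) / k

def evaluate(samples=SAMPLES):
    labels = [y for y, _ in samples]
    averaged = [soft_vote(m) for _, m in samples]
    return {
        "soft": [argmax(a) for a in averaged],
        "hard": [hard_vote(m) for _, m in samples],
        "auc": macro_ovr_auc(averaged, labels),
    }

if __name__ == "__main__":
    print(evaluate())
```

In the first constructed sample two models lean narrowly towards "normal" while one is confident of an attack: hard voting labels it normal, soft voting labels it an attack.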

Data Availability

The data that support the findings of this study are available from the corresponding author upon reasonable request.

Author information

Corresponding author

Correspondence to Deepak Kumar Sharma.

Ethics declarations

Conflict of interest

The authors did not receive support from any organization for the submitted work.

Ethical approval

On behalf of all authors, the corresponding author states that there is no conflict of interest.

About this article

Cite this article

Dhingra, B., Jain, V., Sharma, D.K. et al. RLET: a lightweight model for ubiquitous multi-class intrusion detection in sustainable and secured smart environment. Int. J. Inf. Secur. 23, 315–330 (2024). https://doi.org/10.1007/s10207-023-00739-2

  • DOI: https://doi.org/10.1007/s10207-023-00739-2
