Abstract
Recently, Internet of Things (IoT) devices have been widely deployed and technologically advanced in manufacturing settings to monitor, collect, exchange, analyze, and deliver data. However, this transition has exponentially increased the risk of cyber-attacks. Consequently, effective intrusion detection systems based on deep learning algorithms have proven to be a reliable intelligence tool for protecting Industrial IoT devices against cyber threats. This paper presents the implementation of two different classification and detection models that use the long short-term memory (LSTM) architecture and take advantage of various deep learning algorithms to address cybersecurity concerns on three benchmark industrial IoT datasets (BoT-IoT, UNSW-NB15, and TON-IoT). An overall analysis of the performance of the proposed models is provided. Augmenting the LSTM with a convolutional neural network (CNN) and a fully convolutional neural network (FCN) achieves state-of-the-art performance in detecting cybersecurity threats.
Contributions
All authors contributed to this paper’s conception and design. Material preparation, data collection, and analysis were performed by Mohammad Shahin, Hamed Bouzary, and Ali Hosseinzadeh. The first draft of the manuscript was written by Mohammad Shahin, and all authors commented on previous versions of the manuscript. All authors read and approved the final manuscript.
Ethics declarations
Competing interests
The authors declare no competing interests.
About this article
Cite this article
Shahin, M., Chen, F.F., Bouzary, H. et al. A novel fully convolutional neural network approach for detection and classification of attacks on industrial IoT devices in smart manufacturing systems. Int J Adv Manuf Technol 123, 2017–2029 (2022). https://doi.org/10.1007/s00170-022-10259-3
DOI: https://doi.org/10.1007/s00170-022-10259-3