An ensemble deep learning model for cyber threat hunting in industrial internet of things

With the emergence of the fourth industrial revolution, interconnected devices and sensors generate large-scale, dynamic, and inharmonious data in Industrial Internet of Things (IIoT) platforms. Such vast heterogeneous data increase the challenges of security risks and data analysis procedures. As IIoT grows, cyber-attacks become more diverse and complex, making existing anomaly detection models less effective to operate. In this paper, an ensemble deep learning model that uses the benefits of the Long Short-Term Memory (LSTM) and the Auto-Encoder (AE) architecture to identify out-of-norm activities for cyber threat hunting in IIoT is proposed. In this model, the LSTM is applied to create a model on normal time series data (past and present data) to learn normal data patterns, and the important features of the data are identified by the AE to reduce the data dimension. In addition, the imbalanced nature of IIoT datasets has not been considered in most of the previous literature, resulting in low accuracy and performance. To solve this problem, the proposed model extracts new balanced data from the imbalanced datasets, and these new balanced data are fed into the deep LSTM AE anomaly detection model. In this paper, the proposed model is evaluated on two real IIoT datasets, Gas Pipeline (GP) and Secure Water Treatment (SWaT), that are imbalanced and contain long-term and short-term dependencies in the data. The results are compared with conventional machine learning classifiers, Random Forest (RF), Multi-Layer Perceptron (MLP), Decision Tree (DT), and Support Vector Machines (SVM), and higher performance in terms of accuracy is obtained: 99.3% and 99.7% on the GP and SWaT datasets, respectively. Moreover, the proposed ensemble model is compared with advanced related models, including Stacked Auto-Encoders (SAE), Naive Bayes (NB), Projective Adaptive Resonance Theory (PART), Convolutional Auto-Encoder (C-AE), and the Package Signatures (PS) based LSTM (PS-LSTM) model.

Bibliographic Details
Main Authors: Abbas Yazdinejad, Mostafa Kazemi, Reza M. Parizi, Ali Dehghantanha, Hadis Karimipour
Format: Article
Language: English
Published: KeAi Communications Co., Ltd., 2023-02-01
Series: Digital Communications and Networks
Subjects: Internet of things; IIoT; Anomaly detection; Ensemble deep learning; Neural networks; LSTM
Online Access: http://www.sciencedirect.com/science/article/pii/S2352864822001833
Record Details
Collection: Directory of Open Access Journals (DOAJ)
Record ID: doaj.art-fc4ab8d89de9405c8ad7cb0dc67bb315
ISSN: 2352-8648
First indexed: 2024-04-10T05:50:18Z
Last indexed: 2024-04-10T05:50:18Z
Author Affiliations:
Abbas Yazdinejad: Cyber Science Lab, School of Computer Science, University of Guelph, Ontario, Canada
Mostafa Kazemi: Department of Electrical Engineering, Faculty of Engineering, Shahed University, Tehran, Iran
Reza M. Parizi: College of Computing and Software Engineering, Kennesaw State University, GA, USA
Ali Dehghantanha: Cyber Science Lab, School of Computer Science, University of Guelph, Ontario, Canada (corresponding author)
Hadis Karimipour: School of Engineering, University of Guelph, Ontario, Canada
Citation: Digital Communications and Networks, vol. 9, no. 1, pp. 101-110, 2023-02-01 (KeAi Communications Co., Ltd.)
Record timestamp: 2023-03-05T04:24:54Z