Computers, Materials & Continua
Artificial Intelligence Based Threat Detection in Industrial Internet of Things Environment
College of Computing and Information Technology, Shaqra University, Sharqa, Saudi Arabia
*Corresponding Author: Fahad F. Alruwaili. Email: firstname.lastname@example.org
Received: 22 April 2022; Accepted: 07 June 2022
Abstract: Internet of Things (IoT) is one of the hottest research topics in recent years, thanks to its dynamic working mechanism that integrates the physical and digital worlds into a single system. IoT technology, applied in industries, is termed Industrial IoT (IIoT). IIoT has been found to be highly susceptible to attacks from adversaries, based on the difficulties observed in IIoT and its increased dependency upon the internet and communication networks. Intentional or accidental attacks on these approaches result in catastrophic effects like power outage, denial of vital health services, disruption to civil service, etc. Thus, there is a need to develop a vibrant and powerful approach for the identification and mitigation of security vulnerabilities in IIoT. In this view, the current study develops an AI-based Threat Detection and Classification model for IIoT, abbreviated as the AITDC-IIoT model. The presented AITDC-IIoT model initially pre-processes the input data to transform it into a compatible format. In addition, Whale Optimization Algorithm based Feature Selection (WOA-FS) is used to select the subset of features. Moreover, Cockroach Swarm Optimization (CSO) is employed with the Random Vector Functional Link network (RVFL) technique for threat classification. Finally, the CSO algorithm is applied to appropriately adjust the parameters related to the RVFL model. The performance of the proposed AITDC-IIoT model was validated under benchmark datasets. The experimental results established the supremacy of the proposed AITDC-IIoT model over recent approaches.
Keywords: Security; industrial internet of things; threat detection; artificial intelligence; feature selection
Internet of Things (IoT) has managed to pervade numerous domains, from home automation to industries with crucial frameworks. The contributions of IoT are wide, ranging from attaining the final cases to complementing or exchanging the processes involved in industrial control systems. The extensive applicability of IoT gadgets allows industrial technologies to flourish, even in industries with less technical maturity. A few appropriate instances are linked with the exploitation of oil and electricity production, both of which are directly linked with national cyberdefence. Industrial Internet of Things (IIoT) combines multiple players such as sensors, gadgets, and physical machinery with the internet. It then utilizes software to conduct deep analytics and convert huge volumes of both structured and unstructured data into powerful insights and information. IIoT emphasizes the application of IoT in manufacturing zones, since there is a growing interest among researchers in involving Machine-to-Machine (M2M) transmission, big data, and Machine Learning (ML) in industry settings. IoT can also be applied in other domains such as linking wastewater systems and manufacturing of robots, flow gauges, electric meters and other connected systems, and industrial gadgets. With the incorporation of IIoT, institutions as well as manufacturing hubs gain high efficiency and dependability in their work. Since IoT is capable of linking multiple gadgets with the internet, it allows the identification of distinct threats to perform anomalous actions. There is an increasing number of loopholes and susceptibilities found in the protocols utilized by the IIoT structure. If it encounters risks, sophisticated attacks can be made on the IIoT environment using multiple methods. The intentions of an attacker are manifold, such as gaining access to appropriate data, money theft, and source corruption.
IoT gadgets have special features with regard to transmission. So, whenever an attack is made, it tends to provoke decentralized assaults on any kind of structure. These are the difficulties faced in designing an identification algorithm for IoT, which are well known in traditional networks [7,8]. The main goal of machine learning techniques is to empower the technologies so that they learn and perform estimation based on the information scheduled earlier. Though the usage of ML in identifying anomalous conduct is an established process, the intruder identification domain has been mostly untouched. In conventional techniques, anomaly recognition has been performed by statistical methodologies. Therefore, the increasing penetration of ML methods has unlocked new possibilities for the identification of outlier information, thanks to the accessibility of huge volumes of information which might be leveraged using ML methods. In this perspective, such ML methods provide an alluring viewpoint to be applied in IoT application zones. It is challenging to make use of stationary models in this regard.
Aboelwafa et al. proposed a novel attack detection methodology via Autoencoder (AE). The study exploited the sensor data in correlation with time and space to sequentially recognize the fabricated dataset. Furthermore, the fabricated dataset is refined by Denoising AE (DAE). The DAE dataset was cleaned in an efficient manner and produced clean datasets from the corrupted (attacked) information. Hassan et al. developed a downsampler-encoder-based collective dataset generator. This model was to ensure the effective collection of the real distribution of the attack model for large-scale IIoT attack surfaces. The presented downsampler-based data generator is upgraded simultaneously and confirmed at the time of training Deep Neural Network (DNN) discriminators so as to ensure robustness.
Qureshi et al. presented a secure and novel architecture for identification of security threats in RPL-based IoT and IIoT systems. The presented architecture possesses the ability to identify Version number, HELLO-Flood, Blackhole, and Sinkhole attacks. Hassan et al. enhanced the reliability of IIoT systems using a scalable and reliable cyberattack recognition method i.e., Supervisory Control and Data Acquisition (SCADA) technique. To be specific, an ensemble-learning method, related to the integration of the Random Subspace (RS) learning model using Random Tree (RT), was presented to identify SCADA cyberattacks through network traffic from SCADA-related IIoT architecture. The researchers in the literature [15–19] developed a detection module based on Stacked Variation Auto-Encoder (VAE) with Convolution Neural Network (CNN). This model has the capability to learn about the hidden architecture of the scheme’s activity and reveal its ransomware behaviour. Furthermore, a data augmentation technique was proposed based on VAE to generate a novel dataset that can be utilized in training a system and to improve the generalization abilities of the presented method.
The current study develops an AI-based Threat Detection and Classification model for IIoT, named the AITDC-IIoT model. The presented AITDC-IIoT model initially pre-processes the input data and transforms it into a compatible format. Then, a Whale Optimization Algorithm-based Feature Selection (WOA-FS) model is applied to select the subset of features. Moreover, Cockroach Swarm Optimization (CSO) is employed with the Random Vector Functional Link network (RVFL) model for classification of threats. Finally, the CSO algorithm is applied to appropriately adjust the parameters involved in the RVFL model. The performance of the proposed AITDC-IIoT model was validated using benchmark datasets.
In this study, a new AITDC-IIoT model has been developed for proficient threat detection and classification using IIoT. The presented AITDC-IIoT model initially pre-processes the input data to convert it into a compatible format. Next, the WOA-FS model is applied to select the subset of features. At last, CSO is employed with the RVFL model for classification of threats. Fig. 1 depicts the overall block diagram of the AITDC-IIoT technique.
WOA is applied in this study to select the features. Whale individuals from the community are utilized to explore as many of the possible solutions to the problem as the search space allows. Three functions are applied in WOA, namely hunting, encircling, and shrinking. During the exploitation stage, both the surrounding and shrinking functions are utilized, whereas the hunting function is utilized during the exploration stage. To arrive at the optimal solution for the Dimension Optimization (DO) problem, the processes of the individuals from each generation are utilized. The following processes are involved in WOA.
The arbitrary number in the range of [0 1] is explained through , The existing number of iterations is demonstrated as , maximum number of iterations is explained as and the positive vector of the optimum solution is denoted by . In order to define the logarithmical spiral shape, a constant e is utilized, and the arbitrary number from −1 and 1 is demonstrated as . The arbitrary position vector is chosen from the existing population. Three distances are subsequently found. At first, the primary distance is at while the secondary distance is at and the tertiary distance is at . Based on the probability , three Eqs. (1)–(3) are applied in WOA. The whale individuals are upgraded in Eq. (1), if and , then the individuals are adjusted by Eq. (3), once . Eq. (2) is utilized for updating the individuals, if
In WOA, the whale moves from searching space to adapt to the position pointed in the space which is named as ‘constant space’. The transformation can be done using -shaped transfer function. The possibility of altering the location vector element from to 1 is adapted by the transfer function. So, it forces the searching agent to move into a binary space. Fig. 2 depicts the flowchart of WOA.
The -shaped function is updated as demonstrated herewith.
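The feature-selection loop described above, as an added example that is not the paper's code. It assumes the standard WOA update rules (encircling, random search, logarithmic spiral) and an S-shaped sigmoid transfer function; the fitness function, the sample data and all names are constructed for illustration.

```python
import math, random

def s_transfer(x):
    """S-shaped transfer function: probability that a feature bit becomes 1."""
    return 1.0 / (1.0 + math.exp(-max(-60.0, min(60.0, x))))

def make_rows(n=60, seed=7):
    """Constructed data: feature 2 separates the classes well, feature 0 weakly,
    features 1, 3 and 4 are noise."""
    rng = random.Random(seed)
    rows = []
    for k in range(n):
        y = k % 2
        x = [y + rng.gauss(0, 0.6), rng.random(), 2 * y + rng.gauss(0, 0.1),
             rng.random(), rng.random()]
        rows.append((x, y))
    return rows

def fitness(mask, rows, alpha=0.9):
    """Assumed wrapper fitness (lower is better): nearest-centroid error rate
    on the selected features plus a penalty on subset size."""
    idx = [i for i, bit in enumerate(mask) if bit]
    if not idx:
        return 1.0
    cent = []
    for c in (0, 1):
        pts = [x for x, y in rows if y == c]
        cent.append([sum(p[i] for p in pts) / len(pts) for i in idx])
    def d2(x, c):
        return sum((x[i] - m) ** 2 for i, m in zip(idx, cent[c]))
    wrong = sum((d2(x, 1) < d2(x, 0)) != (y == 1) for x, y in rows)
    return alpha * wrong / len(rows) + (1 - alpha) * len(idx) / len(mask)

def woa_fs(rows, dim, n_whales=8, max_iter=30, b=1.0, seed=1):
    rng = random.Random(seed)
    pop = [[rng.uniform(-1, 1) for _ in range(dim)] for _ in range(n_whales)]
    best_pos, best_mask, best_fit = pop[0][:], [0] * dim, float("inf")
    for t in range(max_iter):
        for w in pop:  # binarise each whale through the transfer function, keep the best
            mask = [1 if rng.random() < s_transfer(v) else 0 for v in w]
            f = fitness(mask, rows)
            if f < best_fit:
                best_pos, best_mask, best_fit = w[:], mask, f
        a = 2.0 - 2.0 * t / max_iter  # shrinks linearly from 2 to 0
        for w in pop:
            p, l = rng.random(), rng.uniform(-1, 1)
            A, C = 2 * a * rng.random() - a, 2 * rng.random()
            # |A| < 1: encircle the best whale; otherwise search around a random whale
            ref = best_pos if abs(A) < 1 else rng.choice(pop)
            for j in range(dim):
                if p < 0.5:
                    w[j] = ref[j] - A * abs(C * ref[j] - w[j])
                else:  # logarithmic spiral towards the best whale
                    w[j] = (abs(best_pos[j] - w[j]) * math.exp(b * l)
                            * math.cos(2 * math.pi * l) + best_pos[j])
    return best_mask, best_fit
```

Calling `woa_fs(make_rows(), 5)` returns the best binary mask found and its fitness; the size penalty is what pushes the search away from the all-features mask.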
2.2 Threat Classification Module
Once the features are selected, they are fed as input in RVFL model for classification purpose. RVFL model depends upon Single Layer Feed Forward Network (SLFN) . In this method, the weights are arbitrarily initialized based on the node and weight is tuned with no iteration. Consider that RVFL network contains J improvement node and is the resultant weight, whereas . The activation function for trained instance is determined as on the improvement layer to and . Here, and b correspond to weight as well as bias correspondingly. Accordingly, Hessian matrix is assumed as as follows.
The problem equation for RVFL is stated as
whereas and refers to the fixed positive constants. At this point, the gradient of Eq. (7) is defined in terms of . Additionally, the gradient equates to to determine the solution as follows.
At novel instance , the regressor evaluated for RVFL is as follows.
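An RVFL classifier in its commonly used ridge-regularised form, added here as an example and not taken from the paper: enhancement-node weights are drawn once at random, and only the output weights are solved for in a single closed-form step. The regulariser, the sigmoid activation, the constructed three-class sample data and all names are assumptions.

```python
import math, random

def solve(a, b):
    """Solve a @ x = b (b is a matrix) by Gauss-Jordan elimination with pivoting."""
    n = len(a)
    m = [row[:] + rhs[:] for row, rhs in zip(a, b)]
    for c in range(n):
        piv = max(range(c, n), key=lambda r: abs(m[r][c]))
        m[c], m[piv] = m[piv], m[c]
        for r in range(n):
            if r != c:
                f = m[r][c] / m[c][c]
                m[r] = [v - f * pv for v, pv in zip(m[r], m[c])]
    return [[v / m[r][r] for v in m[r][n:]] for r in range(n)]

class RVFL:
    def __init__(self, n_in, n_enh=8, lam=1e-3, seed=0):
        rng = random.Random(seed)
        # Enhancement-node weights and biases are drawn once and never trained.
        self.w = [[rng.uniform(-1, 1) for _ in range(n_in)] for _ in range(n_enh)]
        self.b = [rng.uniform(-1, 1) for _ in range(n_enh)]
        self.lam, self.beta = lam, None

    def _row(self, x):
        # Direct link (raw inputs) concatenated with the enhancement-node outputs.
        enh = [1.0 / (1.0 + math.exp(-(sum(wi * xi for wi, xi in zip(w, x)) + b)))
               for w, b in zip(self.w, self.b)]
        return list(x) + enh

    def fit(self, xs, ys, n_classes):
        h = [self._row(x) for x in xs]
        t = [[1.0 if y == c else 0.0 for c in range(n_classes)] for y in ys]
        k = len(h[0])
        # Output weights in one step: beta = (H^T H + lam I)^-1 H^T T, no iteration.
        hth = [[sum(r[i] * r[j] for r in h) + (self.lam if i == j else 0.0)
                for j in range(k)] for i in range(k)]
        htt = [[sum(r[i] * tr[c] for r, tr in zip(h, t)) for c in range(n_classes)]
               for i in range(k)]
        self.beta = solve(hth, htt)
        return self

    def predict(self, x):
        row = self._row(x)
        scores = [sum(v * brow[c] for v, brow in zip(row, self.beta))
                  for c in range(len(self.beta[0]))]
        return scores.index(max(scores))

def make_flows(n, seed):
    """Constructed, already normalised samples: class y has feature y high, the rest low."""
    rng = random.Random(seed)
    return [([(0.9 if j == k % 3 else 0.1) + rng.gauss(0, 0.03) for j in range(3)], k % 3)
            for k in range(n)]

def accuracy(model, rows):
    return sum(model.predict(x) == y for x, y in rows) / len(rows)
```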
2.3 Parameter Optimization Module
In this final stage, CSO algorithm is applied to appropriately adjust the parameters related to RVFL model [22–25]. The CSO model imitates cockroach behavior i.e., dispersing, ruthless, chase-swarming behaviors . In -dimension searching region , a cockroach cluster consists of N cockroach individuals while - individual characterizes the -dimension vector and the individual position is the best possible solution.
In this equation, indicates the inertia weight i.e., a constant step indicates a fixed value whereas rand denotes an arbitrary value that lies in the interval of
Whereas opt indicates the optimal value.
Now rand(l, D) represents the -dimension vector that is fixed to some extent.
In this formula, denotes an arbitrary value within and indicates the global optimal location. The steps involved in Continual space Cockroach Swarm Optimization (CCSO) method are shown below.
1. Initialize cockroach swarm with uniform distribution of arbitrary numbers and set value for each parameter.
2. Search and using the Eqs. (11) and (12).
3. Implement chase-swarming by Eq. (10)
4. Implement dispersion behaviour by Eq. (13)
5. Implement ruthless behavior by Eq. (14)
6. Repeat the loop until the end condition is obtained.
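The six steps above as an added example, not the paper's code. The update rules are the ones commonly stated for CSO with an inertia weight and are assumed to correspond to Eqs. (10)-(14); the objective is a constructed stand-in for RVFL validation error, and the bounds, visual range and names are hypothetical.

```python
import random

def rvfl_val_error(p):
    """Constructed stand-in for RVFL validation error over (enhancement nodes J,
    log10 of the ridge constant); its minimum is placed at J=24, log10(lambda)=-2."""
    return (p[0] - 24.0) ** 2 / 400.0 + (p[1] + 2.0) ** 2 / 10.0

BOUNDS = [(1.0, 64.0), (-6.0, 2.0)]  # hypothetical search ranges for the two parameters

def cso(objective, bounds, n=12, max_iter=40, w=0.7, step=1.0, visual=5.0, seed=3):
    rng = random.Random(seed)

    def clip(x):
        return [min(max(v, lo), hi) for v, (lo, hi) in zip(x, bounds)]

    def better(swarm, pg):  # keep the global best p_g seen so far
        cand = min(swarm, key=objective)
        return cand[:] if objective(cand) < objective(pg) else pg

    # Step 1: uniform random initialisation inside the search bounds.
    swarm = [[rng.uniform(lo, hi) for lo, hi in bounds] for _ in range(n)]
    pg = min(swarm, key=objective)[:]
    history = [objective(pg)]
    for _ in range(max_iter):
        # Step 2: local best p_i among neighbours within the visual range.
        local = []
        for xi in swarm:
            near = [xj for xj in swarm
                    if sum((a - b) ** 2 for a, b in zip(xi, xj)) ** 0.5 <= visual]
            local.append(min(near, key=objective)[:])
        # Step 3: chase-swarming; a cockroach that is its own local best follows p_g.
        for i, xi in enumerate(swarm):
            target = pg if local[i] == xi else local[i]
            r = rng.random()
            swarm[i] = clip([w * a + step * r * (t - a) for a, t in zip(xi, target)])
        pg = better(swarm, pg)
        # Step 4: dispersion, each individual takes a random step rand(1, D).
        swarm = [clip([a + rng.random() for a in xi]) for xi in swarm]
        pg = better(swarm, pg)
        # Step 5: ruthless behaviour, a random individual k is replaced by p_g.
        swarm[rng.randrange(n)] = pg[:]
        history.append(objective(pg))  # Step 6: loop until max_iter is reached
    return pg, history
```

In a real pipeline the stand-in objective would be replaced by a function that trains the RVFL with the candidate parameters and returns its validation error.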
In this section, the proposed AITDC-IIoT model was experimentally validated using the N-BaIoT dataset. The dataset holds 76,200 samples under 9 class labels, which are given in Tab. 1.
Fig. 3 demonstrates the set of confusion matrices generated by the proposed AITDC-IIoT model on test dataset. The figures imply that the proposed AITDC-IIoT model effectively recognized all the nine classes in the applied dataset.
Tab. 2 illustrates the results offered by AITDC-IIoT model on threat classification in IIoT environment. The results indicate that the proposed AITDC-IIoT model gained significant results under all the classes. For instance, with entire dataset, the proposed AITDC-IIoT model categorized benign classes with , , , , and Matthews Correlation Coefficient (MCC) values such as 99.28%, 99.87%, 99.02%, 99.44%, and 98.43% respectively. Simultaneously, with entire dataset, the AITDC-IIoT method categorized TCP class with , , , , and MCC values such as 99.82%, 97.83%, 98.09%, 97.96%, and 97.86% respectively. Concurrently, with 70% of TR dataset, the presented AITDC-IIoT approach categorized benign classes with , , , , and MCC values such as 99.27%, 99.87%, 99.01%, 99.44%, and 98.41% correspondingly. Meanwhile, with 70% of TR dataset, the proposed AITDC-IIoT system categorized TCP class with , , , , and MCC values such as 99.82%, 98.04%, 97.91%, 97.98%, and 97.88% respectively. Eventually, with 30% of TS dataset, AITDC-IIoT model categorized benign class with , , , , and MCC values such as 99.83%, 97.58%, 98.53%, 98.05%, and 97.96% correspondingly.
Fig. 4 demonstrates the average threat classification outcomes achieved by the proposed AITDC-IIoT model. Upon entire dataset, AITDC-IIoT model achieved average , , , , and MCC values such as 99.75%, 97.43%, 98.68%, 98.05%, and 97.85% respectively. Moreover, on 70% of TR dataset, the proposed AITDC-IIoT technique offered average , , , , and MCC values such as 99.75%, 97.35%, 98.63%, 97.98%, and 97.78% correspondingly. Furthermore, on 30% of TS dataset, the presented AITDC-IIoT model provided average , , , , and MCC values such as 99.83%, 97.58%, 98.53%, 98.05%, and 97.96% correspondingly.
A brief precision-recall analysis was conducted upon AITDC-IIoT approach on test dataset and the results are depicted in Fig. 5. As per the figure, it is clear that the proposed AITDC-IIoT method accomplished maximum precision-recall performance under different number of class labels.
Training Accuracy (TA) and Validation Accuracy (VA) values, attained by AITDC-IIoT model on test dataset, are demonstrated in Fig. 6. The experimental outcomes imply that AITDC-IIoT model gained the maximum TA and VA values. To be specific, VA seemed to be higher than TA.
Training Loss (TL) and Validation Loss (VL) values, achieved by the proposed AITDC-IIoT technique on test dataset, are portrayed in Fig. 7. The experimental outcomes infer that AITDC-IIoT model achieved the least TL and VL values. To be specific, VL seemed to be lower than TL.
In order to validate the supremacy of the proposed AITDC-IIoT model, a detailed comparative analysis was performed against existing models and the results are shown in Tab. 3.
Fig. 8 illustrates the comparative examination results of AITDC-IIoT model and other existing methods in terms of . The experimental values indicate that Cu-DNN-long Short Term Memory (LSTM) model achieved ineffectual outcome with the least of 94.91%. Followed by, Gated Recurrent Unit (GRU)-Recurrent Neural Network (RNN), AutoEncoders-EDSA, Multi-CNN, Cu-LSTMGRU-Cu-BLSTM, and Cu-DNN-GRU models produced reasonably closer values such as 96.75%, 96.36%, 96.79%, 96.99%, and 96.11% respectively. However, the proposed AITDC-IIoT model accomplished an enhanced performance with a maximum of 97.58%.
Fig. 9 showcases the comparative analysis results achieved by the proposed AITDC-IIoT model and other existing methods in terms of . The experimental values indicate that Cu-DNN-LSTM model showcased ineffectual outcomes with a minimal of 97.70%. Next, GRU-RNN, AutoEncoders-EDSA, Multi-CNN, Cu-LSTMGRU-Cu-BLSTM, and Cu-DNN-GRU models produced reasonably closer values such as 94.40%, 95.59%, 97.65%, 98.12%, and 97.01% correspondingly. But, the proposed AITDC-IIoT model accomplished an enhanced performance with a maximum of 97.58%.
Fig. 10 depicts the comparative investigation results attained by the proposed AITDC-IIoT approach and other existing methods in terms of . The experimental values infer that Cu-DNN-LSTM model achieved ineffectual outcome with the least of 98.86%. Likewise, GRU-RNN, AutoEncoders-EDSA, Multi-CNN, Cu-LSTMGRU-Cu-BLSTM, and Cu-DNN-GRU models produced reasonably closer values such as 96.87%, 97.24%, 99.11%, 99.47%, and 99.16% correspondingly. However, the proposed AITDC-IIoT model accomplished enhanced performance with a maximum of 99.83%.
Fig. 11 demonstrates the comparative analysis results achieved by AITDC-IIoT system and other existing systems in terms of . The experimental values imply that Cu-DNN-LSTM algorithm attained ineffectual outcome with a minimal of 97.51%. Along with that, GRU-RNN, AutoEncoders-EDSA, Multi-CNN, Cu-LSTMGRU-Cu-BLSTM, and Cu-DNN-GRU techniques produced reasonably closer values such as 97.88%, 97.41%, 96.81%, 97.95%, and 97.57% respectively. At last, the proposed AITDC-IIoT methodology accomplished an enhanced performance with a maximum of 98.05%.
Based on the results and discussion made above, it is apparent that the proposed AITDC-IIoT model is an excellent performer in terms of threat detection and classification compared to the existing techniques.
In this study, a new AITDC-IIoT model has been developed for proficient threat detection and classification. The presented AITDC-IIoT model initially pre-processes the input data so as to convert it to a compatible format. Next, the WOA-FS model is applied to select the subset of features. Moreover, CSO is employed with the RVFL model for threat classification. Finally, the CSO algorithm is applied to appropriately adjust the parameters related to the RVFL model. The performance of the proposed AITDC-IIoT model was validated under benchmark datasets. The experimental results established the supremacy of the proposed AITDC-IIoT technique over recent approaches. Thus, the AITDC-IIoT model can be employed for effectual threat detection and classification in IIoT environments. In future, the performance of the model can be enhanced by including outlier detection and clustering processes.
Funding Statement: The author received no specific funding for this study.
Conflicts of Interest: The author declares that he has no conflicts of interest to report regarding the present study.
This work is licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.