GA-mADAM-IIoT: A new lightweight threats detection in the industrial IoT via genetic algorithm with attention mechanism and LSTM on multivariate time series sensor data

Yakub Kayode Saheed , Adekunle Isaac Omole , Musa Odunayo Sabit
{"title":"GA-mADAM-IIoT: A new lightweight threats detection in the industrial IoT via genetic algorithm with attention mechanism and LSTM on multivariate time series sensor data","authors":"Yakub Kayode Saheed ,&nbsp;Adekunle Isaac Omole ,&nbsp;Musa Odunayo Sabit","doi":"10.1016/j.sintl.2024.100297","DOIUrl":null,"url":null,"abstract":"<div><p>The Industrial Internet of Things (IIoT) is undergoing rapid development, and as a result, security threats have emerged as a significant concern. IIoT networks, while enhancing service quality, are particularly susceptible to security risks because of their intrinsic interconnectedness and the use of low-power devices. The data produced by millions of sensors in the IIoT is highly dynamic, diverse, and of massive magnitude. The risk of dangers to IoT gadgets in a nuclear plant or a petroleum refinery is significantly greater when compared to that of home appliances. Often connected to the internet, IIoT devices and systems lack robust security measures, rendering them susceptible to cyberattacks. A breach in IIoT security could result in data theft, equipment damage, or even physical harm. To mitigate these risks, IIoT systems require secure authentication and encryption protocols, regular software updates, and proactive monitoring and response capabilities. These methods' primary disadvantages are their difficulty in implementation and inability to ensure effective security. Hence, a second line of protection, such as intrusion threat detection in IIoT, is required. In this research, we propose a new threat intrusion detection model in the IIoT through a genetic algorithm with attention mechanism and modified Adam optimized LSTM (GA-mADAM-IIoT). The GA-mADAM-IIoT consists of six modules: the activity receiver, communication module (CM), attention module (AM), intrusion detection module, mitigation module, and alert module. The GA was designed for feature dimensionality and selection trained on network flow data via a Long Short-Term Memory (LSTM) network. The adaptive moment estimation (Adam) optimizer was modified in order to optimize the LSTM (mADAM-LSTM) networks. To enhance the performance of our model, the categorical cross-entropy (CCE) cost function was used to calculate the difference between the predicted output and the actual output. Additionally, the CCE cost function optimized the model's parameters to minimize the difference between predicted and actual values in terms of probability distributions. The Modified Adam (mADAM) optimization algorithm updates the weights and biases of the LSTM to minimize the cost function. Due to the limited availability of real-world datasets containing accurately labelled anomalies, particularly for industrial facilities and manufacturing facilities, we have utilized two sensor datasets derived from physical test-bed systems for water treatment: Secure Water Treatment (SWaT) and Water Distribution (WADI). In these datasets, operators have simulated attack scenarios that occur in real-world water treatment plants and have recorded these instances as the ground truth anomalies. A regularization parameter was added to the cost function to prevent LSTM from overfitting. In order to improve the model's performance, the AM integrates a succinct yet effective attention mechanism that enhances significant information in the output of the CM. This reduces the burden on GA-mADAM-IIoT to detect threat patterns at the IDS module. The experimental findings showed that the threat detection GA-mADAM-IIoT via GA feature dimensionality and modified Adam LSTM outperforms the ablation studies. Furthermore, we improve the suggested transparency of threat detection by integrating the Shapley Additive Explanations (SHAP) technique from Explainable AI. This enhances the trustworthiness and comprehensibility of the threat detection process. The proposed model was also compared with the state-of-the-art models, and our results showed outstanding accuracy of 99.98 %, AUC of 100 %, recall of 99.98 %, precision of 99.98 %, F1 of 99.98 %, and MCC of 99.66 % on SWaT data. On the WADI, we obtained an accuracy of 99.87 %, AUC of 100 %, recall of 99.87 %, precision of 99.87 %, F1-score of 99.87 %, and MCC of 98.20 %. The proposed GA-mADAM-IIoT is a generalized model that can be integrated with other IIoT security solutions, such as firewalls and access controls, to provide comprehensive security coverage in real time.</p></div>","PeriodicalId":21733,"journal":{"name":"Sensors International","volume":"6 ","pages":"Article 100297"},"PeriodicalIF":0.0000,"publicationDate":"2024-09-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S2666351124000196/pdfft?md5=0f668b7a84f563684bd248606646127e&pid=1-s2.0-S2666351124000196-main.pdf","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Sensors International","FirstCategoryId":"1085","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2666351124000196","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0

Abstract

The Industrial Internet of Things (IIoT) is undergoing rapid development, and as a result, security threats have emerged as a significant concern. IIoT networks, while enhancing service quality, are particularly susceptible to security risks because of their intrinsic interconnectedness and the use of low-power devices. The data produced by millions of sensors in the IIoT is highly dynamic, diverse, and of massive magnitude. The risk of dangers to IoT gadgets in a nuclear plant or a petroleum refinery is significantly greater when compared to that of home appliances. Often connected to the internet, IIoT devices and systems lack robust security measures, rendering them susceptible to cyberattacks. A breach in IIoT security could result in data theft, equipment damage, or even physical harm. To mitigate these risks, IIoT systems require secure authentication and encryption protocols, regular software updates, and proactive monitoring and response capabilities. These methods' primary disadvantages are their difficulty in implementation and inability to ensure effective security. Hence, a second line of protection, such as intrusion threat detection in IIoT, is required. In this research, we propose a new threat intrusion detection model in the IIoT through a genetic algorithm with attention mechanism and modified Adam optimized LSTM (GA-mADAM-IIoT). The GA-mADAM-IIoT consists of six modules: the activity receiver, communication module (CM), attention module (AM), intrusion detection module, mitigation module, and alert module. The GA was designed for feature dimensionality and selection trained on network flow data via a Long Short-Term Memory (LSTM) network. The adaptive moment estimation (Adam) optimizer was modified in order to optimize the LSTM (mADAM-LSTM) networks. To enhance the performance of our model, the categorical cross-entropy (CCE) cost function was used to calculate the difference between the predicted output and the actual output. Additionally, the CCE cost function optimized the model's parameters to minimize the difference between predicted and actual values in terms of probability distributions. The Modified Adam (mADAM) optimization algorithm updates the weights and biases of the LSTM to minimize the cost function. Due to the limited availability of real-world datasets containing accurately labelled anomalies, particularly for industrial facilities and manufacturing facilities, we have utilized two sensor datasets derived from physical test-bed systems for water treatment: Secure Water Treatment (SWaT) and Water Distribution (WADI). In these datasets, operators have simulated attack scenarios that occur in real-world water treatment plants and have recorded these instances as the ground truth anomalies. A regularization parameter was added to the cost function to prevent LSTM from overfitting. In order to improve the model's performance, the AM integrates a succinct yet effective attention mechanism that enhances significant information in the output of the CM. This reduces the burden on GA-mADAM-IIoT to detect threat patterns at the IDS module. The experimental findings showed that the threat detection GA-mADAM-IIoT via GA feature dimensionality and modified Adam LSTM outperforms the ablation studies. Furthermore, we improve the suggested transparency of threat detection by integrating the Shapley Additive Explanations (SHAP) technique from Explainable AI. This enhances the trustworthiness and comprehensibility of the threat detection process. The proposed model was also compared with the state-of-the-art models, and our results showed outstanding accuracy of 99.98 %, AUC of 100 %, recall of 99.98 %, precision of 99.98 %, F1 of 99.98 %, and MCC of 99.66 % on SWaT data. On the WADI, we obtained an accuracy of 99.87 %, AUC of 100 %, recall of 99.87 %, precision of 99.87 %, F1-score of 99.87 %, and MCC of 98.20 %. The proposed GA-mADAM-IIoT is a generalized model that can be integrated with other IIoT security solutions, such as firewalls and access controls, to provide comprehensive security coverage in real time.

查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
GA-mADAM-IIoT:在多变量时间序列传感器数据上,通过带有关注机制和 LSTM 的遗传算法,在工业物联网中进行新型轻量级威胁检测
工业物联网(IIoT)正在迅速发展,因此,安全威胁已成为人们关注的一个重要问题。IIoT 网络在提高服务质量的同时,由于其固有的互联性和低功耗设备的使用,特别容易受到安全风险的影响。IIoT 中数以百万计的传感器所产生的数据高度动态、多样且量级巨大。与家用电器相比,核电站或炼油厂的物联网小工具面临的危险要大得多。物联网设备和系统通常与互联网相连,缺乏强有力的安全措施,因此很容易受到网络攻击。IIoT 安全漏洞可能导致数据被盗、设备损坏甚至人身伤害。为了降低这些风险,IIoT 系统需要安全的身份验证和加密协议、定期的软件更新以及主动监控和响应能力。这些方法的主要缺点是难以实施,无法确保有效的安全性。因此,需要第二道防护线,如 IIoT 中的入侵威胁检测。在本研究中,我们通过带有注意力机制的遗传算法和改进的亚当优化 LSTM(GA-mADAM-IIoT),提出了一种新的 IIoT 威胁入侵检测模型。GA-mADAM-IIoT 由六个模块组成:活动接收器、通信模块(CM)、关注模块(AM)、入侵检测模块、缓解模块和警报模块。GA 设计用于特征维度和选择,并通过长短期记忆(LSTM)网络对网络流数据进行训练。为了优化 LSTM(mADAM-LSTM)网络,对自适应矩估计(Adam)优化器进行了修改。为了提高模型的性能,我们使用了分类交叉熵(CCE)成本函数来计算预测输出与实际输出之间的差值。此外,CCE 成本函数还优化了模型参数,以最小化预测值与实际值在概率分布上的差异。修正亚当(mADAM)优化算法会更新 LSTM 的权重和偏置,以最小化成本函数。由于现实世界中包含精确标注异常数据集的可用性有限,尤其是对于工业设施和制造设施而言,因此我们利用了两个来自水处理物理测试平台系统的传感器数据集:安全水处理 (SWaT) 和配水 (WADI)。在这些数据集中,操作人员模拟了真实世界水处理厂中发生的攻击场景,并将这些实例记录为地面实况异常。成本函数中添加了一个正则化参数,以防止 LSTM 过度拟合。为了提高模型的性能,AM 集成了一种简洁而有效的关注机制,以增强 CM 输出中的重要信息。这减轻了 GA-mADAM-IIoT 在 IDS 模块中检测威胁模式的负担。实验结果表明,通过 GA 特征维度和改进亚当 LSTM 的威胁检测 GA-mADAM-IIoT 优于消融研究。此外,我们还通过整合可解释人工智能的 Shapley Additive Explanations(SHAP)技术,提高了威胁检测的透明度。这增强了威胁检测过程的可信度和可理解性。我们还将所提出的模型与最先进的模型进行了比较,结果表明,在 SWaT 数据上,我们的准确率为 99.98%,AUC 为 100%,召回率为 99.98%,精确率为 99.98%,F1 为 99.98%,MCC 为 99.66%。在 WADI 数据上,我们获得了 99.87 % 的准确率、100 % 的 AUC、99.87 % 的召回率、99.87 % 的精确率、99.87 % 的 F1 分数和 98.20 % 的 MCC。所提出的 GA-mADAM-IIoT 是一种通用模型,可与防火墙和访问控制等其他物联网安全解决方案集成,从而实时提供全面的安全覆盖。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
CiteScore
17.40
自引率
0.00%
发文量
0
期刊最新文献
Analytical model for DG-AlGaN/GaN MOS-HEMT for sensitive analysis of pH analytes and charged biomolecules Fabrication of a non-enzymatic photoelectrochemical sensor based on a BiOBr-CuO nanocomposite for detecting Glucose and Tetracycline A portable easy-to-use triboelectric sensor for arteriovenous fistula monitoring in dialysis patients Photocatalytic and electrochemical sensor detection of ascorbic and uric acid using novel plant extract green synthesis of CaO nanoparticles Dual-channel infrared OPO lidar optical system for remote sensing of greenhouse gases in the atmosphere: Design and characteristics
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1