Kumar Saurabh, Vaidik Sharma, Uphar Singh, Rahamatullah Khondoker, Ranjana Vyas, O. P. Vyas
Arabian Journal for Science and Engineering, 50(2), pp. 1307-1327. Journal Article, published 2024-07-10. DOI: 10.1007/s13369-024-08935-5. https://link.springer.com/article/10.1007/s13369-024-08935-5
HMS-IDS: Threat Intelligence Integration for Zero-Day Exploits and Advanced Persistent Threats in IIoT
Critical Industries such as Manufacturing, Power, and Intelligent Transportation are increasingly using IIoT systems, making them more susceptible to cyberattacks. To counter these cyberattacks, policymakers have made strong guidelines, and various security provisions like secure authentication and encryption mechanisms as effective countermeasures for these systems. The exponential rise in cyberattacks has proven that all these measures are not sufficient to protect IIoT systems and have certain limitations. Considering the progress in Artificial Intelligence, it is widely acknowledged that Machine Learning (ML) based Intrusion Detection Systems (IDS) hold significant potential for identifying these cyberattacks. Numerous ML-based IDS have been proposed, which are capable of detecting known attacks but do not perform well in recognizing the “Unknown-Attacks” or Zero-Day Attacks (ZDAs) and Advanced Persistent Threats (APTs); hence, one of the most prominent concerns in the cyber industry is how threat intelligence could be used to protect against these exploits. The proposed “Hybrid Multi-Stage Intrusion Detection System” (HMS-IDS) is driven by supervised and unsupervised approaches to identify both known and unknown cyber-attacks in IIoT environments. By carefully evaluating the esteemed CIC-ToN-IoT dataset, the proposed IDS model attains staggering levels of accuracy, reaching an impressive 99.49% in detecting known attacks and an exceptional 98.936% in identifying unknown attacks. These compelling findings unequivocally substantiate the system’s efficacy in real-time detection of malicious cyber incursions targeting IIoT devices, thereby underscoring its tremendous potential for wide-scale implementation and practical deployment. To validate the proposed model’s reliability, the performance evaluation is also performed on state-of-the-art datasets, namely KDD-99 Cup, NSL-KDD, CICIDS 2017.
About the journal:
King Fahd University of Petroleum & Minerals (KFUPM) partnered with Springer to publish the Arabian Journal for Science and Engineering (AJSE).
AJSE, which has been published by KFUPM since 1975, is a recognized national, regional and international journal that provides a great opportunity for the dissemination of research advances from the Kingdom of Saudi Arabia, MENA and the world.