The Industrial Internet of Things (IIoT) is developing rapidly, and security threats have emerged as a major concern alongside it. IIoT networks improve service quality, but their intrinsic interconnectedness and reliance on low-power devices make them particularly susceptible to attack. The data produced by millions of IIoT sensors is highly dynamic, diverse, and massive in volume. The consequences of a compromised device in a nuclear plant or a petroleum refinery are far more severe than those of a compromised home appliance. IIoT devices and systems are often connected to the internet yet lack robust security measures, leaving them exposed to cyberattacks. A breach of IIoT security can result in data theft, equipment damage, or even physical harm. To mitigate these risks, IIoT systems require secure authentication and encryption protocols, regular software updates, and proactive monitoring and response capabilities. These preventive measures are difficult to implement and cannot by themselves guarantee effective security, so a second line of defence, intrusion and threat detection within the IIoT, is required. In this research, we propose a new threat intrusion detection model for the IIoT based on a genetic algorithm (GA), an attention mechanism, and an LSTM optimized with a modified Adam optimizer (GA-mADAM-IIoT). GA-mADAM-IIoT consists of six modules: the activity receiver, the communication module (CM), the attention module (AM), the intrusion detection module, the mitigation module, and the alert module. The GA performs feature selection and dimensionality reduction on network flow data, and a Long Short-Term Memory (LSTM) network is trained on the selected features. The adaptive moment estimation (Adam) optimizer was modified to optimize the LSTM network (mADAM-LSTM). The categorical cross-entropy (CCE) cost function measures the difference between the predicted output and the actual output as probability distributions.
The modified Adam (mADAM) optimizer updates the weights and biases of the LSTM to minimize this cost, bringing the predicted class distribution as close as possible to the actual one, and a regularization parameter added to the cost function prevents the LSTM from overfitting. Because real-world datasets with accurately labelled anomalies are scarce, particularly for industrial and manufacturing facilities, we use two sensor datasets collected from physical water-treatment test beds: Secure Water Treatment (SWaT) and Water Distribution (WADI). In both datasets, operators staged attack scenarios that occur in real water treatment plants and recorded these instances as the ground-truth anomalies. The AM applies a compact but effective attention mechanism that emphasizes the salient information in the output of the CM, which reduces the burden on the intrusion detection module of recognizing threat patterns. The experimental results show that GA-mADAM-IIoT, with GA-based feature selection and the modified Adam LSTM, outperforms its ablated variants. We further improve the transparency of the detector by integrating the Shapley Additive Explanations (SHAP) technique from Explainable AI, which makes the detection process more trustworthy and interpretable. Compared with state-of-the-art models, the proposed model achieved an accuracy of 99.98 %, AUC of 100 %, recall of 99.98 %, precision of 99.98 %, F1-score of 99.98 %, and MCC of 99.66 % on SWaT, and an accuracy of 99.87 %, AUC of 100 %, recall of 99.87 %, precision of 99.87 %, F1-score of 99.87 %, and MCC of 98.20 % on WADI.
The proposed GA-mADAM-IIoT is a generalized model that can be integrated with other IIoT security solutions, such as firewalls and access controls, to provide comprehensive security coverage in real time.
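As an added worked example (not code from the paper), the cost-and-optimizer loop described in the abstract reduced to its essentials: a two-class softmax classifier over three constructed sensor channels stands in for the LSTM, the cost is categorical cross-entropy plus an L2 regularization term with parameter lam, and the weights and biases are updated by Adam. The abstract does not specify the paper's modification to Adam, so the update rule here is the unmodified Kingma and Ba one; the dataset is synthetic and not drawn from SWaT or WADI; all function names are illustrative. A finite-difference check on the analytic gradient is included, since a wrong gradient is the most common reason such a training loop silently fails to converge.

```python
import math
import random

K, D = 2, 3          # classes (normal, attack) and sensor channels (flow, pressure, level)

def make_dataset(n_per_class=40, seed=7):
    """Constructed sample data, NOT from SWaT/WADI: normal records cluster around
    the plant set-points; attack records show a forced pump, a pressure drop and
    an overfilling tank. Label 0 = normal, 1 = attack."""
    rng = random.Random(seed)
    xs, ys = [], []
    for _ in range(n_per_class):
        xs.append([rng.gauss(1.0, 0.05), rng.gauss(2.0, 0.05), rng.gauss(0.5, 0.05)]); ys.append(0)
        xs.append([rng.gauss(1.6, 0.05), rng.gauss(0.8, 0.05), rng.gauss(0.9, 0.05)]); ys.append(1)
    return xs, ys

def softmax(z):
    m = max(z)                        # subtract the max for numerical stability
    e = [math.exp(v - m) for v in z]
    s = sum(e)
    return [v / s for v in e]

# Parameters live in one flat list: W[k][j] at index k*D + j, bias b[k] at K*D + k.
def predict(params, x):
    z = [sum(params[k * D + j] * x[j] for j in range(D)) + params[K * D + k] for k in range(K)]
    return softmax(z)

def cost(params, xs, ys, lam):
    """Categorical cross-entropy averaged over the batch plus the L2 penalty
    0.5 * lam * ||W||^2 (biases are not penalised)."""
    eps = 1e-12
    cce = -sum(math.log(max(predict(params, x)[y], eps)) for x, y in zip(xs, ys)) / len(xs)
    reg = 0.5 * lam * sum(params[i] ** 2 for i in range(K * D))
    return cce + reg

def gradient(params, xs, ys, lam):
    """Analytic gradient of cost(): dCCE/dlogit_k = p_k - onehot_k, pushed back
    through the linear layer, plus lam * W from the regulariser."""
    g = [0.0] * len(params)
    n = len(xs)
    for x, y in zip(xs, ys):
        p = predict(params, x)
        for k in range(K):
            delta = (p[k] - (1.0 if k == y else 0.0)) / n
            for j in range(D):
                g[k * D + j] += delta * x[j]
            g[K * D + k] += delta
    for i in range(K * D):
        g[i] += lam * params[i]
    return g

def numeric_gradient(params, xs, ys, lam, i, h=1e-5):
    """Central finite difference on parameter i, used to check gradient()."""
    up, down = list(params), list(params)
    up[i] += h
    down[i] -= h
    return (cost(up, xs, ys, lam) - cost(down, xs, ys, lam)) / (2 * h)

class Adam:
    """Unmodified Adam (Kingma & Ba) with bias-corrected first and second moments.
    The abstract does not specify the paper's modification, so none is applied."""
    def __init__(self, n_params, lr=0.05, beta1=0.9, beta2=0.999, eps=1e-8):
        self.lr, self.b1, self.b2, self.eps = lr, beta1, beta2, eps
        self.m, self.v, self.t = [0.0] * n_params, [0.0] * n_params, 0

    def step(self, params, grads):
        self.t += 1
        for i, g in enumerate(grads):
            self.m[i] = self.b1 * self.m[i] + (1 - self.b1) * g          # first moment
            self.v[i] = self.b2 * self.v[i] + (1 - self.b2) * g * g      # second moment
            m_hat = self.m[i] / (1 - self.b1 ** self.t)                  # bias correction
            v_hat = self.v[i] / (1 - self.b2 ** self.t)
            params[i] -= self.lr * m_hat / (math.sqrt(v_hat) + self.eps)

def train(steps=200, lam=1e-3, lr=0.05, seed=7):
    """Full-batch training; returns the cost before/after, training accuracy and ||W||."""
    xs, ys = make_dataset(seed=seed)
    params = [0.0] * (K * D + K)
    opt = Adam(len(params), lr=lr)
    initial = cost(params, xs, ys, lam)
    for _ in range(steps):
        opt.step(params, gradient(params, xs, ys, lam))
    correct = sum(max(range(K), key=lambda k: predict(params, x)[k]) == y for x, y in zip(xs, ys))
    return {"initial_cost": initial, "final_cost": cost(params, xs, ys, lam),
            "accuracy": correct / len(xs),
            "weight_norm": math.sqrt(sum(p * p for p in params[:K * D]))}

if __name__ == "__main__":
    for lam in (1e-3, 1e-1):
        r = train(lam=lam)
        print(f"lam={lam}: cost {r['initial_cost']:.3f} -> {r['final_cost']:.3f}, "
              f"accuracy {r['accuracy']:.2f}, ||W|| {r['weight_norm']:.2f}")
```

Running the block with two values of lam shows what the regularization parameter actually buys: the larger lam reaches the same training accuracy on this separable toy data but with a much smaller weight norm, which is the mechanism by which the penalty limits overfitting. Swapping the softmax layer for an LSTM changes only predict() and gradient(); the cost, the regulariser and the Adam update are unchanged.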