SACNN‐IDS: A self‐attention convolutional neural network for intrusion detection in industrial internet of things

IF 8.4 2区计算机科学 Q1 COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE

CAAI Transactions on Intelligence Technology Pub Date : 2024-06-12 DOI:10.1049/cit2.12352

Mimonah Al Qathrady, Safi Ullah, Mohammed S. Alshehri, Jawad Ahmad, Sultan Almakdi, Samar M. Alqhtani, M. A. Khan, B. Ghaleb

{"title":"SACNN‐IDS: A self‐attention convolutional neural network for intrusion detection in industrial internet of things","authors":"Mimonah Al Qathrady, Safi Ullah, Mohammed S. Alshehri, Jawad Ahmad, Sultan Almakdi, Samar M. Alqhtani, M. A. Khan, B. Ghaleb","doi":"10.1049/cit2.12352","DOIUrl":null,"url":null,"abstract":"Industrial Internet of Things (IIoT) is a pervasive network of interlinked smart devices that provide a variety of intelligent computing services in industrial environments. Several IIoT nodes operate confidential data (such as medical, transportation, military, etc.) which are reachable targets for hostile intruders due to their openness and varied structure. Intrusion Detection Systems (IDS) based on Machine Learning (ML) and Deep Learning (DL) techniques have got significant attention. However, existing ML and DL‐based IDS still face a number of obstacles that must be overcome. For instance, the existing DL approaches necessitate a substantial quantity of data for effective performance, which is not feasible to run on low‐power and low‐memory devices. Imbalanced and fewer data potentially lead to low performance on existing IDS. This paper proposes a self‐attention convolutional neural network (SACNN) architecture for the detection of malicious activity in IIoT networks and an appropriate feature extraction method to extract the most significant features. The proposed architecture has a self‐attention layer to calculate the input attention and convolutional neural network (CNN) layers to process the assigned attention features for prediction. The performance evaluation of the proposed SACNN architecture has been done with the Edge‐IIoTset and X‐IIoTID datasets. These datasets encompassed the behaviours of contemporary IIoT communication protocols, the operations of state‐of‐the‐art devices, various attack types, and diverse attack scenarios.","PeriodicalId":46211,"journal":{"name":"CAAI Transactions on Intelligence Technology","volume":null,"pages":null},"PeriodicalIF":8.4000,"publicationDate":"2024-06-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"CAAI Transactions on Intelligence Technology","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1049/cit2.12352","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE","Score":null,"Total":0}

引用次数: 0

Abstract

Industrial Internet of Things (IIoT) is a pervasive network of interlinked smart devices that provide a variety of intelligent computing services in industrial environments. Several IIoT nodes operate confidential data (such as medical, transportation, military, etc.) which are reachable targets for hostile intruders due to their openness and varied structure. Intrusion Detection Systems (IDS) based on Machine Learning (ML) and Deep Learning (DL) techniques have got significant attention. However, existing ML and DL‐based IDS still face a number of obstacles that must be overcome. For instance, the existing DL approaches necessitate a substantial quantity of data for effective performance, which is not feasible to run on low‐power and low‐memory devices. Imbalanced and fewer data potentially lead to low performance on existing IDS. This paper proposes a self‐attention convolutional neural network (SACNN) architecture for the detection of malicious activity in IIoT networks and an appropriate feature extraction method to extract the most significant features. The proposed architecture has a self‐attention layer to calculate the input attention and convolutional neural network (CNN) layers to process the assigned attention features for prediction. The performance evaluation of the proposed SACNN architecture has been done with the Edge‐IIoTset and X‐IIoTID datasets. These datasets encompassed the behaviours of contemporary IIoT communication protocols, the operations of state‐of‐the‐art devices, various attack types, and diverse attack scenarios.

查看原文本刊更多论文

SACNN-IDS：用于工业物联网入侵检测的自关注卷积神经网络

工业物联网（IIoT）是一个由相互连接的智能设备组成的无处不在的网络，可在工业环境中提供各种智能计算服务。一些 IIoT 节点运行着机密数据（如医疗、交通、军事等），由于其开放性和多样的结构，成为敌对入侵者可以接触到的目标。基于机器学习（ML）和深度学习（DL）技术的入侵检测系统（IDS）备受关注。然而，现有的基于 ML 和 DL 的 IDS 仍然面临着许多必须克服的障碍。例如，现有的深度学习方法需要大量数据才能有效发挥作用，而这在低功耗和低内存设备上是不可行的。不平衡和较少的数据可能导致现有 IDS 性能低下。本文提出了一种自注意卷积神经网络（SACNN）架构，用于检测物联网网络中的恶意活动，并提出了一种适当的特征提取方法来提取最重要的特征。所提出的架构有一个计算输入注意力的自注意力层和处理分配注意力特征以进行预测的卷积神经网络（CNN）层。已利用 Edge-IIoTset 和 X-IIoTID 数据集对拟议的 SACNN 架构进行了性能评估。这些数据集涵盖了当代物联网通信协议的行为、最先进设备的操作、各种攻击类型以及各种攻击场景。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

CAAI Transactions on Intelligence Technology COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE-

CiteScore

11.00

自引率

3.90%

发文量

134

审稿时长

35 weeks

期刊介绍： CAAI Transactions on Intelligence Technology is a leading venue for original research on the theoretical and experimental aspects of artificial intelligence technology. We are a fully open access journal co-published by the Institution of Engineering and Technology (IET) and the Chinese Association for Artificial Intelligence (CAAI) providing research which is openly accessible to read and share worldwide.