HYRIDE: HYbrid and Robust Intrusion DEtection approach for enhancing cybersecurity in Industry 4.0

Abstract

The interconnectedness and smartness aspect between several components of Industry 4.0 has caused sudden increase in data and its exchange, which has resulted in significant cybersecurity challenges. Thus, a better threat intelligence technique is required for monitoring and identifying malicious cyberattacks. However, distinguishing between a normal event and a cyberattack can be difficult because label information is mostly unavailable. Therefore, it is imperative to develop a threat intelligence system that operates more effectively without supervision, i.e., without a label. Additionally, reducing the false positive rate in cyber threat detection is a more promising step for a safer and more reliable environment. Also, the enormous number of features in the data for intrusion detection tasks sometimes results in significant computing costs. Therefore, a novel hybrid feature selection based unsupervised intrusion detection system is proposed, which is termed as HYbrid and Robust Intrusion DEtection (HYRIDE), that uses a wide variety of feature selection techniques to obtain the fewest, best possible features. The local outlier factor, elliptic envelope, and histogram-based outlier score models are then trained using these features to identify threats in network traffic automatically. As a result, HYRIDE can effectively and efficiently distinguish between normal events and intrusions. The proposed methodology is empirically evaluated using popular datasets such as Telemetry datasets of Internet of Things (IoT) services, Operating systems datasets of Windows and Linux, as well as datasets of Network traffic (TON_IoT), University of New South Wales-Network Benchmark (UNSW-NB15), and Canadian Institute of Cybersecurity Intrusion Detection System (CICIDS 2017).