AOA-SMA-EGRUAttNet: A hybrid feature selection and dual-stream attention-based intrusion detection framework for IIoT systems

Abstract

The rapid expansion of the Industrial Internet of Things (IIoT) has introduced unprecedented opportunities for smart industrial automation. Yet, it also exposes critical systems to various sophisticated cyber threats. Traditional Intrusion Detection Systems (IDS) often struggle with the complexity, heterogeneity, and class imbalance inherent in IIoT environments, leading to high false alarm rates and suboptimal generalization. This paper addresses these limitations by proposing a novel hybrid intrusion detection framework, AOA-SMA-EGRUAttNet, that unites advanced feature selection and dual-stream deep learning to enhance detection accuracy and interpretability. The core motivation is to improve the computational efficiency and classification robustness of IDS models through targeted dimensionality reduction and context-aware temporal learning. The framework integrates the Archimedes Optimization Algorithm (AOA) and Slime Mould Algorithm (SMA) for hybrid feature selection, optimizing subsets based on classification relevance, redundancy, and processing cost. Selected features are fed into the Enhanced GRU-Attention Network (E-GRUAttNet), a lightweight dual-stream model combining gated recurrent units and parallel attention mechanisms. Experimental evaluation across four benchmark IIoT datasets: CICAPT-IIoT, Edge-IIoTset, X-IIoTID, and WUSTL-IIoT-2021, demonstrates that the proposed method consistently outperforms state-of-the-art baselines in accuracy (up to 98.9%) and macro-F1 score, while achieving over 55% feature reduction. Ablation studies and statistical analyses confirm the significance and robustness of each component. This paper contributes a scalable and interpretable IDS architecture that meets the evolving demands of industrial cybersecurity, providing a strong foundation for future adaptive detection systems in critical infrastructures.