Blockchain and Deep Learning for Cyber Threat-Hunting in Software-Defined Industrial IoT

The softwarized infrastructure of Software-Defined Industrial Internet of Things (SDIIoT) offers a cost-effective solution to improve flexibility and reliability in network management but faces several critical challenges. First, th Majority of SDIIoT entities operate over wireless channel, which expose them to a variety of attacks (e.g., man-in-the-middle, replay, and impersonation attacks) and also the centralized nature of SDN controller is prone to single point attacks. Second, network traffic in the SDIIoT is associated with large scale, high dimension and redundant data, all of which present significant hurdles in the development of efficient flow analyzer. In this regard, we present a novel blockchain and Deep Learning (DL) integrated framework for protecting confidential information and hunting cyber threats against SDIIoT and their network traffic. First the blockchain module is proposed to securely transmit industrial data from IIoT sensors to controllers of SDN via forwarding nodes (i.e., OpenFLow switches) using Clique Proof-of-Authority (C-PoA) consensus mechanism. A novel flow analyzer based on DL architecture named LSTMSCAE-AGRU is designed by combining Long Short-Term Memory Stacked Contractive AutoEncoder (LSTMSCAE) with Attention-based Gated Recurrent Unit (AGRU) at the control plane. The latter first extracts low-dimensional features in an unsupervised manner, which is then fed to AGRU for hunting anomalous switch requests. The proposed framework can withstand a variety of well-known cyber threats and mitigate the single point of controller failure problem in SDIIoT.