Protecting Cyber-Physical Systems and the Industrial Internet of Things against cyber-attacks remains a significant challenge, and industrial environments face increasing threats from evolving network-based attacks. We focus on making intrusion detection mechanisms more reliable and efficient, with the goal of enhancing security while maintaining computational efficiency. We evaluate our approach using the CIC-IDS2017 dataset, which contains diverse real-world attack scenarios. Existing systems rely on static models that lack temporal dependency learning, and many approaches fail to capture sequential attack patterns effectively. Traditional methods often suffer from high false positives and low adaptability, and they tend to ignore redundancy and privacy concerns during processing. Our proposed approach integrates correlation-based feature selection with clustering techniques and uses a Bidirectional Long Short-Term Memory network with attention; a Graph Convolutional Neural Network serves as the baseline model. The hybrid model captures both temporal and structural dependencies and prioritizes important features using scaled dot-product attention. Experimental results show an accuracy of 99.12 percent, precision of 98.87 percent, recall of 98.65 percent, an F1-score of 98.76 percent, and an AUC of 0.99. These results clearly outperform existing models.
Introduction
This study focuses on enhancing cybersecurity in Cyber-Physical Systems (CPS) integrated with the Industrial Internet of Things (IIoT), which are increasingly used in modern industries such as manufacturing, energy, and critical infrastructure. CPS-IIoT systems combine physical processes, sensors, communication networks, and computational intelligence to improve productivity, automation, and operational efficiency. However, their growing connectivity and reliance on heterogeneous devices significantly increase vulnerability to cyberattacks, making security a major concern.
Traditional security and intrusion detection methods are often ineffective in CPS-IIoT environments due to the diversity of devices, communication protocols, operating systems, and network architectures. Conventional machine learning techniques can detect known attack patterns but struggle with large-scale datasets, distributed IoT environments, and previously unseen (zero-day) attacks. Existing intrusion detection systems (IDS) are primarily designed for traditional IT networks and are not well suited to the real-time and resource-constrained nature of CPS-IIoT systems.
To address these challenges, the study proposes a hybrid intrusion detection framework specifically designed for CPS-IIoT environments. The framework combines advanced data preprocessing, feature engineering, deep learning, and attention mechanisms to improve attack detection accuracy and system efficiency. Key contributions include:
Data preprocessing and feature engineering, including label encoding, min-max normalization, information gain analysis, and correlation-based feature selection to reduce dimensionality and eliminate redundant features.
Correlation-Based Feature Selection (CBFS) to identify the most relevant network traffic features and improve model performance.
A Hybrid Temporal Attention Model that combines Bidirectional Long Short-Term Memory (Bi-LSTM) networks with a scaled dot-product attention mechanism to capture temporal dependencies and focus on the most significant traffic patterns.
An Intrusion Detection and Classification Module capable of detecting both known and unknown cyberattacks while accurately classifying attack types.
Comparative evaluation using a Graph Convolutional Neural Network (GCNN) as a baseline model.
The methodology begins with cleaning and normalizing network traffic data, followed by feature selection using Pearson correlation and information gain. The selected features are then processed through the Bi-LSTM network to learn sequential traffic patterns, while the attention mechanism emphasizes the most critical features. Finally, a softmax-based classification layer identifies normal and malicious traffic and categorizes attack types.
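The feature-selection stage of this pipeline, as an added example that is not code from the study: min-max normalization followed by Pearson-based selection that keeps features correlated with the label and drops ones redundant with a feature already kept. The feature names, sample flows and both thresholds are assumptions made for illustration, and the information gain step is left out.

```python
import math

def min_max(col):
    """Scale a column to [0, 1]; a constant column becomes all zeros."""
    lo, hi = min(col), max(col)
    return [0.0 if hi == lo else (v - lo) / (hi - lo) for v in col]

def pearson(x, y):
    """Pearson correlation coefficient; 0.0 when either side has no variance."""
    mx, my = sum(x) / len(x), sum(y) / len(y)
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    sx = math.sqrt(sum((a - mx) ** 2 for a in x))
    sy = math.sqrt(sum((b - my) ** 2 for b in y))
    return 0.0 if sx == 0 or sy == 0 else cov / (sx * sy)

def select_features(columns, labels, min_relevance=0.3, max_redundancy=0.9):
    """Return feature names that correlate with the label and not with each other.

    Both thresholds are assumed values for this sketch, not taken from the study.
    """
    scaled = {name: min_max(col) for name, col in columns.items()}
    relevance = {n: abs(pearson(c, labels)) for n, c in scaled.items()}
    kept = []
    # Greedy pass from the most to the least label-correlated feature.
    for name in sorted(relevance, key=relevance.get, reverse=True):
        if relevance[name] < min_relevance:
            continue  # too weakly related to benign/attack to be useful
        if any(abs(pearson(scaled[name], scaled[k])) > max_redundancy for k in kept):
            continue  # duplicates information an already-kept feature carries
        kept.append(name)
    return kept

# Constructed sample: four benign flows (0) followed by four flood-like flows (1).
LABELS = [0, 0, 0, 0, 1, 1, 1, 1]
FLOWS = {
    "syn_per_sec":      [1, 2, 1, 2, 50, 52, 51, 53],
    "fwd_packets":      [10, 30, 12, 28, 400, 600, 450, 550],  # tracks syn_per_sec
    "flow_duration_ms": [900, 200, 800, 300, 150, 100, 700, 120],
    "ttl_jitter":       [3, 7, 5, 1, 4, 6, 2, 8],              # unrelated noise
    "protocol":         [6, 6, 6, 6, 6, 6, 6, 6],              # constant
}

if __name__ == "__main__":
    print(select_features(FLOWS, LABELS))
```

Pearson correlation is unchanged by min-max scaling, so the scaling step matters for the network input downstream rather than for which features are selected.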
Experiments were conducted using the CIC-IDS2017 dataset, which contains approximately 594,000 network traffic records, including both benign traffic and various cyberattacks such as DoS, DDoS, PortScan, SQL Injection, and Heartbleed attacks. The dataset underwent preprocessing, normalization, balancing, and feature reduction before training and testing.
The proposed model achieved excellent performance with:
Accuracy: 98.63%
Precision: Approximately 99%
Recall: Approximately 99%
High F1-score and AUC values
Low false positive and false negative rates
The results demonstrate that the hybrid framework effectively detects and classifies both known and emerging cyber threats while maintaining high efficiency and scalability. By integrating feature selection, Bi-LSTM networks, and attention mechanisms, the proposed intrusion detection system provides a robust solution for securing CPS-IIoT environments against increasingly sophisticated cyberattacks.
Conclusion
This study presents a hybrid intrusion detection methodology that integrates a Graph Convolutional Neural Network, a Bidirectional Long Short-Term Memory network with attention mechanisms, and a hybrid correlation-attention model. The proposed system effectively discerns both structural and temporal patterns inherent in network traffic. The results indicate an accuracy of 98.63%, with precision and recall values also close to 0.99. The model's reliability is further substantiated by its low rates of both false positives and false negatives. Unlike simpler models, the hybrid methodology shows better performance and stability in Cyber-Physical Systems and the Industrial Internet of Things.
Future improvements to the model will include real-time data processing and adaptive learning methods. We also plan to investigate lightweight attention models to further reduce computational costs. Future work will consider expanding the model to classify multi-class attacks and testing it on a wider variety of datasets. In addition, using explainable methods will help clarify how the model makes decisions.