Gulzar Qawsar, Mustafa Khurram
Department of Computer Science, Jamia Millia Islamia, Okhla, New Delhi, 110025, India.
Sci Rep. 2025 Jul 22;15(1):26575. doi: 10.1038/s41598-025-89650-5.
The reliability of Industrial Control Systems (ICS) is crucial given their substantial importance in society and business. These systems are susceptible to physical attacks and cyberattacks, which can seriously affect human life and the economy. Given the growing prevalence of Internet of Things (IoT) technologies and the possibility of cyber warfare, it is essential to prioritize safeguarding ICS from cyberattacks. Previous studies revealed an imbalance in the ICS datasets. As a result, models performed well on majority classes but poorly on minority classes, which made the intrusion detection system (IDS) less useful. The key objective is to provide insights into the normal functioning of the system and the disruptions produced by cyberattacks. In this study, we introduced an interdisciplinary framework that aims to enhance network intrusion detection systems (NIDSs). In this framework, we introduced an IDS that combines feature selection and feature reduction technique(s) with attention-driven lightweight deep neural networks: Deep Recurrent Neural Networks (RNN), Deep Long Short-Term Memory (LSTM), and Deep Bi-directional Long Short-Term Memory (Bi-LSTM). Several feature selection techniques exclude features that fail to match the specified criteria. We employed Sparse Principal Component Analysis (SPCA) to extract higher-order features. We conducted experiments on three datasets: the Secure Water Treatment System (SWaT), the Water Distribution (WADI), and the Gas Heating Loop (GHL). Among the models used in the framework, the attention-driven Deep LSTM model produced better results than the others, revealing lower training and testing times for the three datasets. In terms of precision, recall, F1-score, computational speed, and ability to work with larger datasets and different ICSs, the proposed framework is better than previous methods in detecting cyberattacks. This highlights how useful it is in the real world.