A novel method to detect cyber-attacks in IoT/IIoT devices on the modbus protocol using deep learning

The dominant intrusion detection models in internet of things industrial internet of things cybersecurity use network-based datasets. The Modbus protocol is one of the most often targeted protocols and cyberattacks against IoT/IIoT devices have grown to be a major threat in recent years. Due to the intricacy of the protocol and the quick evolution of cyber threats, detecting these attacks using conventional techniques might be difficult. This paper proposes an architecture that consistently outperforms the state-of-the-art methods of performing intrusion Detection that includes binary classification of whether an intrusion occurred or not and multi-class classification that classifies the different types of attacks using an embedding layer in a neural network to model the register values. The best accuracy results were obtained with a convolutional neural network, with an accuracy of 98.91% in the Modbus Binary dataset, a fully connected neural network with an accuracy of 98.06% in the multi-class classification of the Modbus dataset, and long short-term memory neural networks with an accuracy of 99.97%, 99.7%, and 80.20% in Binary, multi-class, and multi-class sub-categories, respectively which conclude that the proposed architecture performs consistently better than the control NN. Three NN are designed with and without the proposed architecture. All experiments performed in this paper conclude that the proposed architecture performs consistently better than the control NN. This paper shows that a NN with an embedding function can effectively be used to model whether an attack occurred on a device and the class of attack that occurred. This network can be utilized in the future to lessen DoS attacks and other types of network attacks. The network will be able to protect itself against a lot of damage if attacks can be predicted either before they occur or at the same moment they are launched.

Automated summary

This paper proposes a neural network-based intrusion detection model that utilizes an embedding layer to model register values. It effectively distinguishes whether an attack occurred and the type of attack, outperforming state-of-the-art methods. The experiments confirm the superior performance of the proposed architecture.