A novel method to detect cyber-attacks in IoT/IIoT devices on the modbus protocol using deep learning

Cluster Computing

A Correction to this article was published on 29 June 2023

This article has been updated

Abstract

The dominant intrusion detection models in Internet of Things (IoT) and Industrial Internet of Things (IIoT) cybersecurity use network-based datasets. Cyberattacks against IoT/IIoT devices have grown to be a major threat in recent years, and the Modbus protocol is one of the most often targeted protocols. Due to the intricacy of the protocol and the quick evolution of cyber threats, detecting these attacks using conventional techniques might be difficult. This paper proposes an architecture that uses an embedding layer in a neural network (NN) to model the register values and that consistently outperforms the state-of-the-art methods of performing intrusion detection. It covers binary classification of whether an intrusion occurred or not and multi-class classification of the different types of attacks. The best accuracy results were obtained with a convolutional neural network, with an accuracy of 98.91% in the Modbus Binary dataset; a fully connected neural network, with an accuracy of 98.06% in the multi-class classification of the Modbus dataset; and long short-term memory neural networks, with an accuracy of 99.97%, 99.7%, and 80.20% in binary, multi-class, and multi-class sub-categories, respectively. Three NNs are designed with and without the proposed architecture. All experiments performed in this paper conclude that the proposed architecture performs consistently better than the control NN. This paper shows that an NN with an embedding function can effectively be used to model whether an attack occurred on a device and the class of attack that occurred. This network can be utilized in the future to lessen DoS attacks and other types of network attacks. The network will be able to protect itself against a lot of damage if attacks can be predicted either before they occur or at the same moment they are launched.

Data availability

All code used in this paper is available from https://github.com/THIERNOGUEYE12/modbus_journal

Funding

This research was funded by the National Key R&D Plan (2022YFB3304000); the Shaanxi Province Key Research and Development Projects (2021LLRH08 and 2022GXLH-02-15); the Science and Technology Planning Project of Xi'an (20KYPT0002-1); the Emerging Interdisciplinary Project of Northwestern Polytechnical University (22GH0306); the Fundamental Research Funds for the Central Universities (3102022gxb002); and the National Key Research and Development Program of China (2019QY(Y)0502).

Author information

Contributions

TG: Conceptualization, Methodology, Validation, Data Curation, Formal Analysis, Investigation, Writing—Original Draft Preparation; YW: Funding Acquisition, Project Administration, Supervision; MR and SZ: Data Curation, Technical Writing, Visualizations, Writing—Review & Editing; RTM: Writing—Review & Editing; SZ: Data Curation, Visualization, Writing—Review & Editing; RTM: Data Curation, Analysis, Writing—Review & Editing.

Corresponding author

Correspondence to Yanen Wang.

Ethics declarations

Conflict of interest

The authors declare no conflict of interest.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

The original online version of this article was revised: Authors affiliations have been indicated correctly and the affiliation ‘Manufacturing Engineering Department, University of Engineering and Technology, Lahore, Pakistan’ has been removed from the article.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

About this article

Cite this article

Gueye, T., Wang, Y., Rehman, M. et al. A novel method to detect cyber-attacks in IoT/IIoT devices on the modbus protocol using deep learning. Cluster Comput 26, 2947–2973 (2023). https://doi.org/10.1007/s10586-023-04028-4

  • DOI: https://doi.org/10.1007/s10586-023-04028-4
