Abstract
The dominant intrusion detection models in Internet of Things (IoT) and Industrial Internet of Things (IIoT) cybersecurity use network-based datasets. The Modbus protocol is one of the most frequently targeted protocols, and cyberattacks against IoT/IIoT devices have grown into a major threat in recent years. Due to the intricacy of the protocol and the quick evolution of cyber threats, detecting these attacks using conventional techniques might be difficult. This paper proposes an architecture that consistently outperforms state-of-the-art intrusion detection methods. It covers binary classification of whether an intrusion occurred and multi-class classification of the different types of attacks, using an embedding layer in a neural network (NN) to model the register values. The best accuracy results were obtained with a convolutional neural network, with an accuracy of 98.91% on the Modbus binary dataset; a fully connected neural network, with an accuracy of 98.06% on the multi-class classification of the Modbus dataset; and long short-term memory neural networks, with accuracies of 99.97%, 99.7%, and 80.20% on binary, multi-class, and multi-class sub-category classification, respectively. Three NNs are designed with and without the proposed architecture. All experiments performed in this paper conclude that the proposed architecture performs consistently better than the control NN. This paper shows that an NN with an embedding function can effectively be used to model whether an attack occurred on a device and the class of attack that occurred. This network can be utilized in the future to lessen DoS attacks and other types of network attacks. The network will be able to protect itself against a lot of damage if attacks can be predicted either before they occur or at the same moment they are launched.
Data availability
All code used in this paper is available from https://github.com/THIERNOGUEYE12/modbus_journal
Change history
29 June 2023
A Correction to this paper has been published: https://doi.org/10.1007/s10586-023-04092-w
Funding
This research was funded by the National key R&D plan (2022YFB3304000); the Shaanxi Province Key Research and Development Projects (2021LLRH08 and 2022GXLH-02-15); the Science and technology planning project of Xi'an (20KYPT0002-1); the Emerging Interdisciplinary Project of Northwestern Polytechnical University (22GH0306); the Fundamental Research Funds for the Central Universities (3102022gxb002); and the National Key Research and Development Program of China (2019QY(Y)0502).
Author information
Contributions
TG: Conceptualization, Methodology, Validation, Data Curation, Formal Analysis, Investigation, Writing—Original Draft Preparation; YW: Funding Acquisition, Project Administration, Supervision; MR and SZ: Data Curation, Technical Writing, Visualizations, Writing—Review & Editing; RTM: Writing-Review & Editing; SZ: Data Curation, Visualization, Writing—Review & Editing; RTM: Data Curation, Analysis, Writing—Review & Editing.
Ethics declarations
Conflict of interest
The authors declare no conflict of interest.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
The original online version of this article was revised: Authors affiliations have been indicated correctly and the affiliation ‘Manufacturing Engineering Department, University of Engineering and Technology, Lahore, Pakistan’ has been removed from the article.
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Gueye, T., Wang, Y., Rehman, M. et al. A novel method to detect cyber-attacks in IoT/IIoT devices on the modbus protocol using deep learning. Cluster Comput 26, 2947–2973 (2023). https://doi.org/10.1007/s10586-023-04028-4
DOI: https://doi.org/10.1007/s10586-023-04028-4