Identification of malicious activities in industrial internet of things based on deep learning models

Internet Industrial Control Systems (IICSs) that connect technological appliances and services with physical systems have become a new direction of research as they face different types of cyber-attacks that threaten their success in providing continuous services to organizations. Such threats cause firms to suffer financial and reputational losses and the stealing of important information. Although Network Intrusion Detection Systems (NIDSs) have been proposed to protect against them, they have the difficult task of collecting information for use in developing an intelligent NIDS which can proficiently detect existing and new attacks. In order to address this challenge, this paper proposes an anomaly detection technique for IICSs based on deep learning models that can learn and validate using information collected from TCP/IP packets. It includes a consecutive training process executed using a deep auto-encoder and deep feedforward neural network architecture which is evaluated using two well-known network datasets, namely, the NSL-KDD and UNSW-NB15. As the experimental results demonstrate that this technique can achieve a higher detection rate and lower false positive rate than eight recently developed techniques, it could be implemented in real IICS environments.