Optimal Hybrid Deep Learning Enabled Attack Detection and Classification in IoT Environment

1  Introduction

The rapid progression of the Internet of Things (IoT) phenomenon in industrial sectors has increased the susceptibility of crucial network structures to severe cyber-attacks. The Industrial IoT (IIoT) environment helps resolve several intractable problems in the industry by providing real-time response systems and permitting the self-controlling systems to function separately [1]. To ensure an effective roll-out of the IIoT applications, it is important to investigate the security problems in detail and overcome them. To be specific, it is highly complex to detect stealthy assaults like False Data Injection Attacks (FDIA) on Predictive Maintenance (PdM) mechanisms because of the nature of the attack [2]. In False Data Injection Attack (FDIA), an attacker stealthily negotiates the dimensions from the IoT sensors. Likewise, the manipulated sensor dimensions evade the sensor’s fundamental ‘faulty data’ recognition system and proliferate to hide the resultant values of the sensors. ‘False Data Injection’ (FDI) attack is a type of major assault that can affect these mechanisms. In general, the FDI attacks cause severe issues in industrial structures. It corrupts the sensor dimensions to deceive the assaulted industrial platform [3].

The FDI assaults are applied by intruding on the data processing programs, sensors, and sensor communication structures. These attacks tend not to showcase their effects on the PdM mechanism [4]. However, the attack proliferates from the sensor to the Machine Learning (ML) part of the PdM mechanism and misleads the network by predicting the deferred asset failure or maintaining the interval. This mechanism tends to incur heavy losses in terms of human lives, and at times, it also results in the unintended failure of dangerous applications [5]. With the help of the latest DL approaches, the engine can forecast its future demands, execute adjustments, and save about 15% of fuel usage. But, the susceptibility of the sensor attacks towards these ML-related and IoT engines is considered a crucial challenge [6]. The existing sensor attack recognition solutions in the Cyber-Physical Systems (CPS) and IoT fields are inadequate to address this problem. This is attributed to the fact that whenever such traditional systems are positioned separately among the millions of sensors, it suffers from scalability issues and source overhead since several IoT networks face constraint in terms of energy [7].

The FDIAs tend to harm the external elements, resulting in enormous economic loss and life-threatening cases [8]. Thus, it becomes necessary to detect and prevent the FDIAs in any serious structure [9]. Several prevailing solutions are either theoretical or only implement the methods in cyberspace, like Intrusion Prevention Systems (IPS) that are generally utilized for protecting traditional computer networks. The existing methods lack specific security properties and cannot handle critical infrastructure, high rate of events, the requirement for real-time detection and interaction requirement, a pro-active defense, and a complicated cyber and physical interface [10]. In this background, the current research work attempts to overcome the issues with the help of ML approaches to detect injection attacks.

1.1 Existing FDI Detection Approaches

Aboelwafa et al. [11] proposed a new approach for FDI attack recognition with the help of Auto Encoders (AEs). It exploited the sensor information about time and space, and the proposed method excelled in classifying the falsified data. In addition, the falsified data was also cleaned with the help of the Denoising Autoencoders (DAEs). The performance was estimated to demonstrate the proposed approach’s achievement in identifying the FDI attacks. It also considerably demonstrated a Support Vector Machine (SVM)-based method to achieve a similar goal. Alromih et al. [12] examined a Randomized Watermarking Filtering Scheme (RWFS) for IoT applications, offering an en-route filter to remove the injected data at an initial communication phase. The injected data were filtered based on a watermark applied in the original information and embedded directly from arbitrary places throughout the packet payload. This mechanism utilized the Homomorphic Encryption approaches to conceal the reported measurement in several adversaries.

In literature [13], a Hybrid GSW (Gentry, Sahai, and Waters) and DM (Ducas and Micciancio)-related Fully Homomorphic Encryption (HGSW–DM–FHE) approach was presented to control the FDIA in privacy-preserving data aggregation in the fog computing environment. The presented HGSW–DM–FHE method was found to be extremely fault-tolerant, and the data aggregation procedure in another device did not impact even in the case of the failure of fog devices. Moudoud et al. [14] introduced a hierarchical structure to secure the 5G-enabled IoT networks and a security method to forecast and recognize FDIA and DDoS attacks. The presented security approach was developed based on the Markov stochastic procedure. The method tracked every network device’s performance and utilised a range-based behaviour-sifting policy. Wang et al. [15] examined a DL-related Locational Detection (DLLD) structure to find the particular places of FDIA on a real-time basis. The DLLD structure was developed by combining the Convolutional Neural Network (CNN) with a typical Bad Data Detector (BDD). The BDD was utilized to remove the minimum quality data. The modified CNN was utilized for multi-label classification to capture the inconsistency and co-occurrence dependencies from the power flow measurement because of potential attacks.

1.2 Paper Contribution

The current research article develops a Hybrid Deep Learning to Combat Sophisticated False Data Injection Attacks detection (HDL-FDIAD) in the IoT environment. The presented HDL-FDIAD model exploits the Equilibrium Optimizer-based Feature Selection (EO-FS) technique to select the optimal subset of features. Moreover, the Long Short-Term memory with Recurrent Neural Network (LSTM-RNN) model is utilized for classification. At last, the Bayesian Optimization (BO) algorithm is employed as a hyperparameter optimizer in this study. To validate the enhanced performance of the proposed HDL-FDIAD model, a wide range of simulations was conducted, and the results were investigated under different measures.

2  Materials and Methods

The current research article proposes a novel HDL-FDIAD model to determine the FDI attacks in the IoT environment. The HDL-FDIAD model exploits the EO-FS technique to select the optimal subset of features. Moreover, the BO with LSTM-RNN model is also utilized for classification. Fig. 1 illustrates the block diagram of the proposed HDL-FDIAD approach.

Figure 1: Block diagram of the HDL-FDIAD approach

2.1 Feature Subset Selection Process

The HDL-FDIAD model exploits the EO-FS technique to select the optimal subset of features. EO is a dynamic mass balance approach that functions to control the volume of the data [16]. An arithmetical expression is applied in this stage to characterize the mass balance and describe the focus of the non-reactive components in a dynamic controlled environment. Further, this expression functions with different strategies with source and sink variations. The whole theoretical description of the EO phase is described herewith. An arbitrary population is initialized through uniform distribution of the numbers based on the particle amount and dimension in the searching area, as given below.

Ciinitial=Cmin+randi(Cmax−Cmin)i=1,2,…,n(1)

In Eq. (1), Ciinitial denotes the vector of the initial concentration of the i−th particle, Cmin and Cmax indicate the lower limit and upper limit, respectively, randi denotes a uniformly-distributed value that lies in the range of 0 and 1, and n describes the population size. In order to define the equilibrium state (i.e., global optimal), a pool of four optimal candidates is chosen to identify the encompassing alternative particles by corresponding to the arithmetical mean of the four particles. A particle is gathered by processing a pooling vector as given below.

C→eq.pool={C→eq(1),C→eq(2),C→eq(3),C→eq(4),C→eq(ave)}(2)

During the evolution process, the initialized particle upgrades the concentration from the primary generation based on C→eq(1). In the following generation, the upgraded value is denoted by C→eq(ave). Subsequently, each particle with a solution candidate is upgraded as per the conclusion of the evolution process. The exponential term F demonstrates that the EO technique accomplishes a suitable balance between intensification and diversification. λ is an arbitrary value that lies in the range of 0 and 1 to control the turn-over rate to a realistic control volume.

F⇀=e−λ⇀(t−t0)(3)

In Eq. (3), t denotes the iterative count (Iter).

t=(1−IterMax−iter)(a2IterMax−iter)(4)

In Eq. (4), Iter=currentiteration, Max_iter= maximum iteration and the variable a2 are applied to manage the exploitation ability of EO. To ensure convergence and improve the global value along with the local searching ability of the approach, the following equation is applied.

t0⇀=1λ⇀ln(−a1sign(r⇀−0.5)[1−e−λ⇀t])+t(5)

In this expression, a1 and a2 are applied to control the global and local searching abilities of the EO method. The sign (r⇀−0.5) corresponds to the value nearby the exploration and exploitation paths. In EO, the values of a1 and a2 are chosen as two and one. The term is modified using the following expression by substituting Eq. (5) in Eq. (3).

F⇀=a1sign(r⇀−0.5)[e−λ⇀t−1](6)

The generation rate in the EO approach is applied as a time function to improve the exploitation phase. The first-order exponential decay procedure from the multi-purpose generative method is defined herewith.

G⇀=G⇀0e−k⇀(t−t0)(7)

In Eq. (7), G0= primary value and k= decay variable. At last, the generation rate is considered as k=λ.

G⇀=G⇀0e−λ⇀(t−t0)=G⇀0F⇀0(8)

Now, G0 is evaluated by using Eq. (9):

G⇀0=GC⇀P(C⇀eq−λ⇀C⇀)(9)

GC⇀P={0.5r1,r2≥00,r2<0(10)

Here r1,r2 correspond to two arbitrary integers that lie in the range of 0 and 1. GCP indicates the control generation rate. Using the above-mentioned equation, the last-upgraded concentration (particle) equation is given below.

C⇀=C⇀eq+(C⇀−C⇀eq)F⇀+G⇀λ⇀V(1−F⇀)(11)

The upgraded equation has an equilibrium concentration, a global search and a local search to accomplish the exact solutions. The fitness function of the EO-FS method assumes the classification accuracy and the number of selected features. It increases the classification accuracy and reduces the set size of the selected features. Thus, the subsequent fitness function is utilized to evaluate the individual solutions, as displayed in Eq. (12).

Fitness=α∗ErrorRate+(1−α)∗#SF#All_F(12)

Here, ErrorRate refers to the classification error rate calculated with the selected features’ help.

2.2 FDI Detection and Classification Process

In this stage, the LSTM-RNN model is utilized for the purpose of classification. Generally, a Feedforward Neural Network (FFNN) can be defined below [17].

Y=F(X,θ)(13)

X={x1,x2,…,xn} refers to an input set

Y={y1,y2,…,ym} stands for an output set

F stands for an FFNN module.

θ refers to a parameter set of the module.

In the classification module, Y represents a set of classes. CNN is a kind of FFNN and is employed to perform semantic segmentation, image classification and the target recognition process. Unlike other NNs, the CNN mechanism contains convolution and pooling layers. The convolution layer aims to extract the local features of the input dataset. Fig. 2 demonstrates the framework of the LSTM method.

YF=Conv(X,θCONV)(14)

Figure 2: Structure of the LSTM approach

Conv. is a convolution layer, whereas YF is a feature subset extracted by the convolution layer from X. θC0NV is a parameter set in the convolution layer. The aim of the pooling layer is to compress the local feature, thus highlighting the feature.

YCF=Poo1(YFrθPool)(15)

Pool is a pooling layer, Whereas YCF represents a set of compressed features. Here, the CNN and the pooling layer from YF are combined and presented. θPool is a parameter set in the pooling layer. In a classification module, CNN contains an FC layer and a Softmax layer and both are incorporated along with the front-end of the RNN layer to form a CRNN mechanism. Y=F(X,θ) categorizes the features. Here, Y=F(X,θ) of CNN is F(X,θ) of CNN, as given below.

Y=Softmax(FC(Pool(Conv(X,θCONV),θpool),θFC))(16)

The fully-connected layer is an FC layer, whereas Softmax denotes one Softmax layer. RNN is an alternative version of the FFNN model and is mainly employed for datasets with a sequential architecture, such as speech recognition, machine translation and so on. LSTM-RNN is a widely-applied RNN method that can resolve the gradient vanishing problems with memory cells to store long-term data. As a classification method, the LSTM-RNN approach contains the Softmax layer and the FC layer.

y=F(X,θ) of LSTM-RNN is given by:

y=Softmax(FC(LSTM(x,θLSTM),θFC))(17)

LSTM is one LSTM layer.

2.3 Hyperparameter Tuning Process

At last, the BO algorithm is employed as a hyperparameter optimizer in this study. It is a sequential method used for the optimization of the black-box function (x) parameters. The presented method shows effectiveness for the method configured initially, and now it becomes a common solution [18]. The BO approach integrates the previous output to estimate a response surface function f^(x) and applies f^(x) to select the following configuration, xn. Further, it also estimates f(Xn) through a true black-box function that estimates the subsequent output through the estimated performance, f(xn). The procedure is repeated sequentially until the ending condition is satisfied. In order to buildthe response surface of f^(x), the three most common selections are used for ML problems, such as the RF regressor, Tree-structured Parzen Estimator and the Gaussian process. The algorithm utilizes the acquisition function that offers a trade-off between the exploitation and exploration phases. In this study, the black-box function (x) characterizes the performance i.e., predictive error or accuracy of the DNN using a configuration model x which is extremely non-convex. Further, f(x) is estimated in an arbitrary point x. However, the individual estimation takes a significant number of times since the evaluation of f(x) involves the training process of the DNN procedure.

:

3  Results and Discussion

In this section, the FDI attack detection performance of the proposed HDL-FDIAD model was validated using two datasets, namely, power system dataset and water treatment dataset. The first power system dataset holds 22,714 samples under normal class and 9,582 samples under FDIA class. Similarly, the water treatment dataset includes 395,298 samples under normal and 54,621 samples under FDIA class. The HDL-FDIAD model selected a set of 128 features and 84 features from the databases under study. Table 1 illustrates the details of both datasets.

Table 2 and Fig. 3 show the results offered by the HDL-FDIAD model and other existing models on power dataset [19]. The experimental outcomes confirm that the proposed HDL-FDIAD model gained effectual outcomes on both the class labels. With respect to precn, the HDL-FDIAD model identified the normal class samples with a maximum precn of 91.92%, whereas the Naïve Bayes (NB), SVM, AdaBoost, k-Nearest Neighbor (KNN), Random Forest (RF), Logistic Regression (LR) and the Decision Tree (DT) models obtained the least precn values such as 82.44%, 84.08%, 82.31%, 85.03%, 89.35%, 83.93% and 83.08% respectively. Also, in relation to precn, the proposed HDL-FDIAD model identified the FDIA class samples with a maximum precn of 96.71%, whereas the NB, SVM, AdaBoost, KNN, RF, LR and DT models gained the least precn values such as 80.06%, 81.87%, 84.94%, 81.80%, 94.12%, 83.61% and 85.88% correspondingly. Moreover, with regard to recal, the HDL-FDIAD method identified the normal class samples with a maximum recal of 93.36%. However, the NB, SVM, AdaBoost, KNN, RF, LR and the DT models reached the least recal values such as 82.90%, 85.49%, 88.63%, 84.56%, 90.41%, 83.93% and 82% correspondingly. Furthermore, with respect to recal, the HDL-FDIAD approach identified the FDIA class samples with a maximum recal of 97.23%, whereas the NB, SVM, AdaBoost, KNN, RF, LR and DT models achieved the least recal values such as 87.59%, 83.26%, 85.44%, 81.38%, 93.49%, 85.74% and 83.94% correspondingly.

Figure 3: Average analysis results of the HDL-FDIAD approach on power dataset (a) Precn, (b) Recal, (c) Accuy, and (d) F1score

Table 3 portrays the results of the proposed HDL-FDIAD model and other existing models on the power dataset. The experimental outcomes infer that the proposed HDL-FDIAD method attained the effectual outcomes on both the class labels. In terms of accuy, the proposed HDL-FDIAD model identified the normal class samples with a maximum accuy of 95.94%, whereas the NB, SVM, AdaBoost, KNN, RF, LR and DT models reached the least accuy values such as 88.17%, 88.66%, 84.08%, 86.99%, 92.62%, 81.55% and 84.39% correspondingly. In addition, with regards to accuy, the HDL-FDIAD method identified the FDIA class samples with a maximum accuy of 93.72%, whereas the NB, SVM, AdaBoost, KNN, RF, LR and the DT model gained the least accuy values, such as 82.41%, 81.04%, 81.92%, 83.27%, 91.41%, 87.46% and 85.73% correspondingly. In addition to these, with respect to F1score, the HDL-FDIAD method identified the normal class samples with a maximum F1score of 91.08%, whereas the NB, SVM, AdaBoost, KNN, RF, LR and the DT model attained the least F1score values, such as 82.25%, 86.14%, 88.28%, 81.1%, 83.11%, 83.84% and 84.26% correspondingly. Furthermore, with respect to F1score, the HDL-FDIAD method classified the FDIA class samples with a maximum F1score of 89.67%, whereas the NB, SVM, AdaBoost, KNN, RF, LR and the DT model accomplished the least F1score values such as 80.71%, 80.99%, 82.49%, 84.25%, 82.42%, 86.26% and 83.13% correspondingly.

Both Training Accuracy (TA) and Validation Accuracy (VA) values, acquired by the proposed HDL-FDIAD method on Power Dataset, are shown in Fig. 4. The experimental outcomes infer that the HDL-FDIAD method achieved the maximal TA and VA values, whereas the VA values were higher than the TA values.

Figure 4: TA and VA analyses results of the HDL-FDIAD approach on the power dataset

Both Training Loss (TL) and Validation Loss (VL) values, achieved by the HDL-FDIAD approach on Power Dataset, are exhibited in Fig. 5. The experimental outcomes denote that the HDL-FDIAD algorithm established the least TL and VL values while the VL values were lesser than the TL values.

Figure 5: TL and VL analyses results of the HDL-FDIAD approach on power dataset

A clear precision-recall analysis was conducted on the HDL-FDIAD method using the Power Dataset and the results are displayed in Fig. 6. The figure denotes that the HDL-FDIAD method produced enhanced precision-recall values under all the classes.

Figure 6: Precision-recall analysis results of the HDL-FDIAD approach on power dataset

A brief ROC analysis was conducted on the HDL-FDIAD methodology using the Power Dataset, and the results are shown in Fig. 7. The results signify that the HDL-FDIAD approach established its ability in categorizing the Power dataset under distinct classes.

Figure 7: ROC analysis results of the HDL-FDIAD approach on power dataset

Table 4 and Fig. 8 show the results rendered by the proposed HDL-FDIAD model and other existing models on the Water Treatment dataset. The experimental outcomes confirm that the proposed HDL-FDIAD model reached the effectual outcomes on both the class labels. With respect to precn, the HDL-FDIAD model identified the normal class samples with a maximum precn of 99.12%, whereas the NB, SVM, AdaBoost, KNN, RF, LR and the DT model attained the least precn values such as 98.89%, 96.39%, 96.87%, 95.56%, 94.54%, 95.11% and 98.20% correspondingly. Additionally, in terms of precn, the HDL-FDIAD model identified the FDIA class samples with a maximum precn of 98.56%, whereas the NB, SVM, AdaBoost, KNN, RF, LR and the DT model gained the least precn values, such as 96.36%, 94.28%, 98.69%, 96.62%, 97.06%, 95.96% and 97.18% correspondingly. Furthermore, with respect to recal, the proposed HDL-FDIAD model identified the normal class samples with a maximum recal of 98.51%, whereas the NB, SVM, AdaBoost, KNN, RF, LR and the DT model obtained the least recal values, such as 95.99%, 97.45%, 94.06%, 95.32%, 96.59%, 94.49% and 98.36% respectively. Additionally, with respect to recal, the proposed HDL-FDIAD model identified the FDIA class samples with a maximum recal of 99.09%, whereas the NB, SVM, AdaBoost, KNN, RF, LR and the DT model obtained the least recal values, such as 95.26%, 97.92%, 96.61%, 94.77%, 97.02%, 96.63% and 95.29% respectively.

Figure 8: Average analysis results of the HDL-FDIAD approach on water treatment dataset (a) Precn, (b) Recal, (c) Accuy, and (d) F1score

Table 5 displays the results attained by the HDL-FDIAD method and other existing models on Water Treatment dataset. The experimental outcomes confirm that the HDL-FDIAD model obtained the effectual outcomes on both the class labels. With respect to accuy, the HDL-FDIAD technique identified the normal class samples with a maximum accuy of 98.82%, whereas the NB, SVM, AdaBoost, KNN, RF, LR and the DT algorithm attained the least accuy values, such as 96.24%, 95.35%, 95.10%, 94.24%, 95.21%, 94.99% and 95.88% correspondingly. Moreover, with respect to accuy, the proposed HDL-FDIAD approach identified the FDIA class samples with a maximum accuy of 98.56%, whereas the NB, SVM, AdaBoost, KNN, RF, LR and the DT model obtained the least accuy values, such as 94.15%, 97.82%, 97.96%, 98.44%, 97.95%, 97% and 94.62% correspondingly. Additionally, with respect to F1score, the HDL-FDIAD model classified the normal class samples with a maximum F1score of 98.34%, whereas the NB, SVM, AdaBoost, KNN, RF, LR and the DT model accomplished the least F1score values, such as 94.32%, 96.34%, 97.94%, 97.16%, 95.59%, 95.59% and 99% correspondingly. Further, with respect to F1score, the HDL-FDIAD technique identified the FDIA class samples with a maximum F1score of 98.15%. In contrast, the NB, SVM, AdaBoost, KNN, RF, LR and the DT model attained the least F1score values such as 96.90%, 94.54%, 94.69%, 96.74%, 98.36%, 94.29% and 94.07% correspondingly.

Both TA and VA values, obtained by the HDL-FDIAD method on Water Treatment Dataset, are demonstrated in Fig. 9. The experimental outcomes denote that the HDL-FDIAD technique achieved the maximal TA and VA values. In contrast, the VA values were higher than the TA values.

Figure 9: TA and VA analyses results of the HDL-FDIAD approach on water treatment dataset

Both TL and VL values, achieved by the HDL-FDIAD approach on Water Treatment Dataset, are established in Fig. 10. The experimental outcomes imply that the proposed HDL-FDIAD algorithm exhibited the least TL and VL values. In contrast, the VL values were lesser than the TL values.

Figure 10: TL and VL analyses results of the HDL-FDIAD approach on water treatment dataset

A clear precision-recall analysis was conducted on the HDL-FDIAD method using the Water Treatment Dataset, and the results are portrayed in Fig. 11. The figure denotes that the HDL-FDIAD methodology achieved enhanced precision-recall values under all the classes.

Figure 11: Precision-recall analysis results of the HDL-FDIAD approach on water treatment dataset

A brief ROC analysis was conducted on the HDL-FDIAD method using the Water Treatment Dataset, and the results are shown in Fig. 12. The results indicate that the HDL-FDIAD method established its ability to categorise the Water Treatment dataset under distinct classes.

Figure 12: ROC analysis results of the HDL-FDIAD approach on water treatment dataset

4  Conclusion

The current research article has developed a novel HDL-FDIAD model to determine FDI attacks in the IoT environment. The HDL-FDIAD model exploits the EO-FS technique to select the optimal subset of features. Moreover, the LSTM-RNN model is utilized for the purpose of classification. At last, the BO algorithm is employed as a hyperparameter optimizer in this study. To validate the enhanced performance of the HDL-FDIAD model, a wide range of simulations was conducted, and the results were investigated in detail. The comparative study outcomes confirmed that the proposed HDL-FDIAD model is superior to other techniques. Thus, the HDL-FDIAD technique can be exploited to identify the FDI attacks in the IoT environment. In the future, the HDL-FDIAD model can be extended to cloud and fog computing environments too.

Funding Statement: The author received no specific funding for this study.

Conflicts of Interest: The authors declare that they have no conflicts of interest to report regarding the present study.