Mitigating Zero-Day Vulnerabilities in IIoT Systems: Challenges and Advances in AI-Powered Intrusion Detection Systems

Khalid Asaad Hashim
Yusnani Binti Mohd Yussoff
Shahrani Binti Shahbudin

Abstract

Zero-day attacks are one of the great challenges that intrusion detection systems have faced and continue to face, and the problem is worse in Industrial Internet of Things (IIoT) environments, because the ability of these attacks to exploit unknown vulnerabilities results in a high rate of false negatives. Within this framework, this paper presents a set of experiments carried out to analyze, first, the consequences of zero-day attacks for performance degradation in Intrusion Detection Systems (IDS) and, second and with greater emphasis, the failings identified so far as affecting detection precision. This was done through a systematic review of 200 research papers published from 2023 to 2024, categorized into four main focus areas: general AI-based IDS, Machine Learning (ML)-based IDS, Deep Learning (DL)-based IDS, and Deep Reinforcement Learning (DRL)-based IDS. Of these, 45% were DL-based IDS reviews, 35% related to machine learning, 15% concerned DRL-based IDS, and 5% pertained to general AI-based IDS. The results show that DL-based approaches hold considerable promise for reducing the impact of false negatives, while raising further issues when adversarial attacks are taken into account. The paper underlines that, in IDS, detection specificity and recall matter as well as accuracy when dealing with low-frequency but high-impact zero-day threats. It further proposes that the use of both machine learning and deep learning techniques should be improved to enhance IDS performance.

How to Cite

Mitigating Zero-Day Vulnerabilities in IIoT Systems: Challenges and Advances in AI-Powered Intrusion Detection Systems (K. Asaad Hashim, Y. Binti Mohd Yussoff, & S. Binti Shahbudin, Trans.). (2025). Mesopotamian Journal of CyberSecurity, 5(3), 1184–1198. https://doi.org/10.58496//MJCS/2025/063
