UInDeSI4.0 : An efficient Unsupervised Intrusion Detection System for network traffic flow in Industry 4.0 ecosystem

Abstract

In an Industry 4.0 ecosystem, all the essential components are digitally interconnected, and automation is integrated for higher productivity. However, it invites the risk of increasing cyber-attacks amid the current cyber explosion. The identification and monitoring of these malicious cyber-attacks and intrusions need efficient threat intelligence techniques or intrusion detection systems (IDSs). Reducing the false positive rate in detecting cyber threats is an important step for a safer and reliable environment in any industrial ecosystem. Available approaches for intrusion detection often suffer from high computational costs due to large number of feature instances. Therefore, this paper proposes a novel unsupervised IDS for Industry 4.0 which we term as: Unsupervised Intrusion Detection System for Industry 4.0 (UInDeSI4.0). We have substantiated the proposed UInDeSI4.0 approach through its experimentation on the well-known UNSW-NB15 Industry 4.0 dataset. The proposed UInDeSI4.0 employs feature selection approaches to obtain minimal and optimal features. These features are then used to train isolation forest to detect network traffic threats in an unsupervised manner. Accordingly, the proposed UInDeSI4.0 approach can efficiently differentiate between the normal events and the attacks or intrusions in environments with no label information. Experimental results show that the proposed UInDeSI4.0 provides better accuracy (63%) and a minimal feature set (nine) compared to traditional IDSs. In contrast to deep learning approaches, UInDeSI4.0 generates faster results with minimum features. In conclusion, we establish the superiority of UInDeSI4.0 approach as an accurate and computationally efficient IDS for Industry 4.0.