Poulmanogo Illy, Georges Kaddoum, Paulo Freitas de Araujo-Filho, Kuljeet Kaur, Sahil Garg
Source
Journal: IEEE Transactions on Network and Service Management [Institute of Electrical and Electronics Engineers]; Date: 2022-12-01; Volume (Issue): 19 (4): 4273-4283; Cited by: 3
Identifier
DOI:10.1109/tnsm.2022.3202801
Abstract
New industrial control systems (ICSs) that have been modernized with the industrial Internet of Things (IIoT) are exposed to cyber-attacks that exploit IIoT vulnerabilities. Numerous intrusion detection systems (IDSs) have therefore been proposed to secure ICSs, many of which are based on machine learning, specifically deep neural networks (DNNs). Most of the proposed DNN-based solutions rely on single deep learning models and could be less costly in terms of ICS latency. However, they might have difficulties understanding the increasingly complex data distribution of intrusion patterns. Moreover, single deep learning models may not be effective in capturing the specific patterns of minority classes in highly imbalanced datasets, which is usually the case in cyber-security. Therefore, this paper proposes a novel hybrid multistage DNN-based intrusion detection and prevention system (IDPS) with better accuracy for critical ICSs that cannot afford to compromise on security to improve latency. The proposed approach sequentially learns the decision boundaries of the data that were misclassified or classified with low confidence by previous DNNs. Moreover, it incorporates a collaborative intrusion prevention system (IPS) with an emergency response schema that automatically mitigates attacks as soon as anomalies are detected. The results of experimental evaluations performed on different datasets demonstrate the effectiveness of the proposed solution.