Securing Critical Infrastructures: Deep-Learning-Based Threat Detection in IIoT

The Industrial Internet of Things (IIoT) is a physical information system developed based on traditional industrial control networks. As one of the most critical infrastructure systems, IIoT is also a preferred target for adversaries engaged in advanced persistent threats (APTs). To address this issue, we explore a deep-learning-based proactive APT detection scheme in IIoT. In this scheme, considering the characteristics of long attack sequences and long-term continuous APT attacks, our solution adopts a well-known deep learning model, bidirectional encoder representations from transformers (BERT), to detect APT attack sequences. The APT attack sequence is also optimized to ensure the model's long-term sequence judgment effectiveness. The experimental results not only show that the proposed deep learning method has feasibility and effectiveness for APT detection, but also certify that the BERT model has better accuracy and a lower false alarm rate when detecting APT attack sequences than other time series models.