Design of an autonomous multi-agent-based defense system against DDoS attacks in the Industrial Internet of Things (IIoT) environment

Abstract With widespread adoption across industries, Industrial Internet of Things (IIoT) environments have become prime targets for cyberattacks. Moreover, the complexity and scale of these attacks can involve highly sophisticated, artificial intelligence (AI)–enabled, and even autonomous capabilities, occurring at machine speeds and making conventional defensive mechanisms insufficient. Therefore, defensive systems must possess considerable autonomy to detect and mitigate such attacks effectively and promptly. This work presents an IIoT cyber defense system (NS-IoT) that integrates the sensitivity of Deep Reinforcement Learning (DRL) with the agility of multi-agent systems, providing an autonomous defense solution for distributed denial of service (DDoS) attacks. The NS-IoT system consists of two modules: detection and defense. For the detection module, a Deep Q-Network (DQN)-based agent (DQN-IoT) was developed to detect DDoS attacks. This agent employs DRL techniques to treat attack classification like a guessing game, leverages feedback to improve decision-making within the Markov Decision Process (MDP), and combines rewards for enhanced performance. In this study, DDoS attacks were detected using the proposed DQN-IoT model, achieving 98.43% and 98.05% accuracy on the CIC-IoT-2022 and CIC-IoT-2023 datasets, respectively. While these results highlight the model’s effectiveness, real-time response speed is crucial in real-time events. Therefore, the proposed NS-IoT system addresses this need with its autonomous multi-agent structure, which minimizes human intervention.