The extensive propagation of industrial Internet of Things (IIoT) technologies has encouraged intruders to initiate a variety of attacks that need to be identified to maintain the security of end-user data and the safety of services offered by service providers. Deep learning (DL), especially recurrent approaches, has been applied successfully to the analysis of IIoT forensics but their key challenge of recurrent DL models is that they struggle with long traffic sequences and cannot be parallelized. Multihead attention (MHA) tried to address this shortfall but failed to capture the local representation of IIoT traffic sequences. In this article, we propose a forensics-based DL model (called Deep-IFS) to identify intrusions in IIoT traffic. The model learns local representations using local gated recurrent unit (LocalGRU), and introduces an MHA layer to capture and learn global representation (i.e., long-range dependencies). A residual connection between layers is designed to prevent information loss. Another challenge facing the current IIoT forensics frameworks is their limited scalability, limiting performance in handling Big IIoT traffic data produced by IIoT devices. This challenge is addressed by deploying and training the proposed Deep-IFS in a fog computing environment. The intrusion identification becomes scalable by distributing the computation and the IIoT traffic data across worker fog nodes for training the model. The master fog node is responsible for sharing training parameters and aggregating worker node output. The aggregated classification output is subsequently passed to the cloud platform for mitigating attacks. Empirical results on the Bot-IIoT dataset demonstrate that the developed distributed Deep-IFS can effectively handle Big IIoT traffic data compared with the present centralized DL-based forensics techniques. Further, the results validate the robustness of the proposed Deep-IFS across various evaluation measures.
Bibliographical notePublisher Copyright:
© 2005-2012 IEEE.