Sliding principal component and dynamic reward reinforcement learning based IIoT attack detection

Vijayan Ellappan; Anand Mahendran; Murali Subramanian; Jeevanandam Jotheeswaran; Adil O Khadidos; Alaa O Khadidos; Shitharth Selvarajan

doi:10.1038/s41598-023-46746-0

Sliding principal component and dynamic reward reinforcement learning based IIoT attack detection

Sci Rep. 2023 Nov 27;13(1):20843. doi: 10.1038/s41598-023-46746-0.

Authors

Vijayan Ellappan¹, Anand Mahendran², Murali Subramanian², Jeevanandam Jotheeswaran³, Adil O Khadidos⁴, Alaa O Khadidos^{5

6}, Shitharth Selvarajan^{7

8}

Affiliations

¹ School of Information Technology and Engineering, VIT, Vellore, 632014, India.
² School of Computer Science and Engineering, Vellore Institute of Technology, Vellore, India.
³ Executive Director - Technology Enabled Learning, Alliance University, Bangalore, India.
⁴ Department of Information Technology, Faculty of Computing and Information Technology, King Abdulaziz University, Jeddah, Saudi Arabia.
⁵ Department of Information Systems, Faculty of Computing and Information Technology, King Abdulaziz University, Jeddah, Saudi Arabia.
⁶ Director, Artificial Intelligent and Data Analysis Centre, King Abdulaziz University, 21589, Jeddah, Saudi Arabia.
⁷ Department of Computer Science, Kebri Dehar University, Kebri Dehar, Ethiopia. shitharths@kdu.edu.et.
⁸ School of Built Environment, Engineering and Computing, Leeds Beckett University, Leeds, LS1 3HE, UK. shitharths@kdu.edu.et.

Abstract

The Internet of Things (IoT) involves the gathering of all those devices that connect to the Internet with the purpose of collecting and sharing data. The application of IoT in the different sectors, including health, industry has also picked up the threads to augment over the past few years. The IoT and, by integrity, the IIoT, are found to be highly susceptible to different types of threats and attacks owing to the networks nature that in turn leads to even poor outcomes (i.e., increasing error rate). Hence, it is critical to design attack detection systems that can provide the security of IIoT networks. To overcome this research work of IIoT attack detection in large amount of evolutions is failed to determine the certain attacks resulting in a minimum detection performance, reinforcement learning-based attack detection method called sliding principal component and dynamic reward reinforcement learning (SPC-DRRL) for detecting various IIoT network attacks is introduced. In the first stage of this research methodology, preprocessing of raw TON_IoT dataset is performed by employing min-max normalization scaling function to obtain normalized values with same scale. Next, with the processed sample data as output, to extract data from multi-sources (i.e., different service profiles from the dataset), a robust log likelihood sliding principal component-based feature extraction algorithm is applied with an arbitrary size sliding window to extract computationally-efficient features. Finally, dynamic reward reinforcement learning-based IIoT attack detection model is presented to control the error rate involved in the design. Here, with the design of dynamic reward function and introducing incident repository that not only generates the reward function in an arbitrary fashion but also stores the action results in the incident repository for the next training, therefore reducing the attack detection error rate. Moreover, an IIoT attack detection system based on SPC-DRRL is constructed. Finally, we verify the algorithm on the ToN_IoT dataset of University of New South Wales Australia. The experimental results show that the IIoT attack detection time and overhead along with the error rate are reduced considerably with higher accuracy than that of traditional reinforcement learning methods.