Skip to main content
Springer Nature Link
Log in

CyberDefender: an integrated intelligent defense framework for digital-twin-based industrial cyber-physical systems

  • Published:
Cluster Computing Aims and scope Submit manuscript

Abstract

The rise of digital twin-based operational improvements poses a challenge to protecting industrial cyber-physical systems. It is crucial to safeguard digital twins while disclosing internals, which can create an increased attack surface. However, leveraging digital twins to simulate attacks on physical infrastructure becomes essential for enhancing ICPS cybersecurity resilience. This paper introduces an integrated intelligent defense framework called CyberDefender to study various attacks on digital twin-based ICPS from a four-layer perspective (i.e., digital twin-based industrial cyber-physical systems infrastructure layer, honeynet and software-defined industrial network layer, intelligent security platform layer, and smart industrial application layer). To demonstrate its feasibility, we implemented a proof-of-concept (PoC) solution using open-source tools, including AWS for cloud infrastructure, T-Pot for Honeynet, Mininet for SDN support, ELK tools for data management, and Docker for containerization. This framework utilizes an integrated intelligent approach to enhance intrusion detection and classification capabilities for digital twin-based industrial cyber-physical systems (DT-ICPS). The proposed intrusion detection system (IDS) combines two strategies to improve security. First, we present an innovative approach to identifying essential features using explainable AI and ensemble-based filter feature selection (XAI-EFFS). By using Shapley Additive Explanations (SHAP), we analyze the impact of different variables on predictive outcomes. Secondly, we propose a hybrid GRU-LSTM deep-learning model for detecting and classifying intrusions. We optimize the hyperparameters of the GRU-LSTM model by using a Bayesian optimization algorithm. The proposed method demonstrates excellent performance, outperforming conventional state-of-the-art techniques with an accuracy rate of 98.96%, which is a remarkable improvement. Additionally, it effectively detects zero-day attacks, contributing to digital twin-based ICPS cybersecurity resilience.

Graphical abstract

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Algorithm 1
Fig. 5
Algorithm 2
Algorithm 3
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13
Fig. 14

Similar content being viewed by others

Data availability

As the honeypot dataset was collected and analysed using open-source tools and computer resources available at our institution, it is available upon request from the corresponding author. The public dataset analysed during this study are available at: [Online] Available at: GitHub https://github.com/ngoclesydney/Anomaly-Detection-with-Swat-Dataset, https://drive.google.com/file/d/1cJECqTj7ExPuwCddrCPB5RTnuk5NKvCF/view, all data and software used during this study are cited and included in the references.

Abbreviations

AUC:

Area under curve

BO:

Bayesian optimization

CNN:

Convolutional neural networks

CTF:

Capture-the-flag

DNN:

Deep neural network

DT:

Digital twin

DL:

Deep learning

DDoS:

Distributed denial of service

ELK:

Elasticsearch, logstash, and kibana

ERP:

Enterprise resource planning process

EFFS:

Ensemble-based filter feature selection

ERA:

Enterprise reference architecture

EL:

Ensemble learning

GRU:

Gated recurrent unit

ICPS:

Industrial cyber physical systems

IPS:

Intrusion prevention system

IDS:

Intrusion detection system

ICS:

Industrial control system

LSTM:

Long short-term memory

MES:

Manufacturing execution system

MITM:

Man in-the-middle

ML:

Machine learning

NFV:

Network functions virtualization

NIDS:

Network intrusion detection system

ONOS:

Open network operating system

PLC:

Programmable logic controller

POC:

Proof-of-concept (PoC)

RF:

Random forest

RNN:

Recurrent neural network

TI:

Timing intrusion

ROC:

Receiver operating characteristic

SWaT:

Secure water treatment

SDN:

Software-defined network

SNMP:

Simple network management protocol

SOC:

Security operations centre

XAI:

Explainable artificial intelligence

References

  1. Alam, K.M., El Saddik, A.: C2PS: a digital twin architecture reference model for the cloud-based cyber-physical systems. IEEE Access 5(8), 2050–2062 (2017). https://doi.org/10.1109/ACCESS.2017.2657006

    Article  Google Scholar 

  2. Karaarslan, E., Babiker M.: Digital twin security threats and countermeasures: an introduction. In: 14th International conferences information security cryptology, ISCTURKEY 2021 - Proceedings, No. December, pp. 7–11, (2021). https://doi.org/10.1109/ISCTURKEY53027.2021.9654360.

  3. Singh, K., Singh Tomar, D.D.: Architecture, enabling technologies, security and privacy, and applications of internet of things: a survey, In: Proceedings of International Conference I-SMAC (IoT Soc. Mobile, Anal. Cloud), I-SMAC 2018, vol. 4, no. 5, pp. 642–646, (2019). https://doi.org/10.1109/I-SMAC.2018.8653708.

  4. Alves, T., Morris, T.: OpenPLC: an IEC 61,131–3 compliant open source industrial controller for cyber security research. Comput. Secur. 78, 364–379 (2018). https://doi.org/10.1016/j.cose.2018.07.007

    Article  Google Scholar 

  5. Dawson, M.: Cyber security in industry 4.0: the Pitfalls of having Hyperconnected systems. J. Strateg. Manag. Stud. 10(1), 19–28 (2018). https://doi.org/10.24760/iasme.10.1

    Article  MathSciNet  Google Scholar 

  6. Galloway, B., Hancke, G.P.: Introduction to industrial control networks. IEEE Commun. Surv. Tutorials 15(2), 860–880 (2013). https://doi.org/10.1109/SURV.2012.071812.00124

    Article  Google Scholar 

  7. Sivaraman, V., Gharakheili, H.H., Vishwanath, A., Boreli, R., Mehani, O.: Network-level security and privacy control for smart-home IoT devices, In: 2015 IEEE 11th International conference on wireless mobile computer network communication WiMob 2015, pp. 163–167 (2015). https://doi.org/10.1109/WiMOB.2015.7347956

  8. Ding, D., Han, Q.L., Xiang, Y., Ge, X., Zhang, X.M.: A survey on security control and attack detection for industrial cyber-physical systems. Neurocomputing 275, 1674–1683 (2018). https://doi.org/10.1016/j.neucom.2017.10.009

    Article  Google Scholar 

  9. Dawson, M., Bacius, R., Gouveia, L.B., Vassilakos, A.: Understanding the challenge of cybersecurity in critical infrastructure sectors. L. Forces Acad. Rev. 26(1), 69–75 (2021). https://doi.org/10.2478/raft-2021-0011

    Article  Google Scholar 

  10. Noorizadeh, M., Shakerpour, M., Meskin, N., Unal, D., Khorasani, K.: A cyber-security methodology for a cyber-physical industrial control system testbed. IEEE Access 9, 16239–16253 (2021). https://doi.org/10.1109/ACCESS.2021.3053135

    Article  Google Scholar 

  11. Mullet, V., Sondi, P., Ramat, E.: A review of cybersecurity guidelines for manufacturing factories in industry 4.0. IEEE Access 9, 23235–23263 (2021). https://doi.org/10.1109/ACCESS.2021.3056650

    Article  Google Scholar 

  12. Qi, Q., Tao, F.: A smart manufacturing service system based on edge computing, fog computing, and cloud computing. IEEE Access 7, 86769–86777 (2019). https://doi.org/10.1109/ACCESS.2019.2923610

    Article  Google Scholar 

  13. Rubio, J.E., Alcaraz, C., Roman, R., Lopez, J.: Current cyber-defense trends in industrial control systems. Comput. Secur. 87, 101561 (2019). https://doi.org/10.1016/j.cose.2019.06.015

    Article  Google Scholar 

  14. Wollschlaeger, J., Sauter, M., Jasperneite, T.: The future of industrial communication. IEEE Ind. Electron. Mag. 1(1), 17–27 (2017)

    Article  Google Scholar 

  15. Ashtari Talkhestani, B., et al.: An architecture of an intelligent digital twin in a cyber-physical production system. At-Automatisierungstechnik 67(9), 762–782 (2019). https://doi.org/10.1515/auto-2019-0039

    Article  Google Scholar 

  16. Zhong, W., Yu, R., Xie, S., Zhang, Y., Tsang, D.H.K.: Software defined networking for flexible and green energy internet. IEEE Commun. Mag. 54(12), 68–75 (2016). https://doi.org/10.1109/MCOM.2016.1600352CM

    Article  Google Scholar 

  17. Schneider, P., Böttinger, K.: High-performance unsupervised anomaly detection for cyber-physical system networks. In: Proceeding on ACM conference computer communication security, pp. 1–12 (2018). https://doi.org/10.1145/3264888.3264890.

  18. Dietz, M., Vielberth, M., Pernul, G.: Integrating digital twin security simulations in the security operations center. ACM Int. Conf. Proceed. Ser. (2020). https://doi.org/10.1145/3407023.3407039

    Article  Google Scholar 

  19. de Alencar Silva, P., Fadaie, R., van Sinderen, M.: Towards a Digital Twin for Simulation of Organizational and Semantic Interoperability in IDS Ecosystems, In: CEUR Workshop Proceeding, vol. 3214 (2022)

  20. Weinman, J.: The economics and strategy of manufacturing and the cloud. IEEE Cloud Comput. 3(4), 6–11 (2016). https://doi.org/10.1109/MCC.2016.88

    Article  Google Scholar 

  21. Yampolskiy, M., Horvath, P., Koutsoukos, X.D., Xue, Y., Sztipanovits, J.: Taxonomy for description of cross-domain attacks on CPS, In: HiCoNS 2013 – Proceedings on 2nd ACM international conference high confidence networked systems part CPSWeek 2013, pp. 135–142, (2013). https://doi.org/10.1145/2461446.2461465.

  22. Zolanvari, M., Teixeira, M.A., Jain, R.: Effect of imbalanced datasets on security of industrial IoT using machine learning, In: 2018 IEEE International conference on intelligent security informatics, ISI 2018, pp. 112–117 (2018). https://doi.org/10.1109/ISI.2018.8587389

  23. Wolf, M., Serpanos, D.: Safety and security in cyber-physical systems and internet-of-things systems. Proc. IEEE 106(1), 9–20 (2018). https://doi.org/10.1109/JPROC.2017.2781198

    Article  Google Scholar 

  24. Nguyen, X.T., Luu, Q.K.: Factors affecting adoption of industry 4.0 by small-and medium-sized enterprises: a case in Ho Chi Minh city, Vietnam. J. Asian Financ. Econ. Bus. 7(6), 255–264 (2020). https://doi.org/10.13106/JAFEB.2020.VOL7.NO6.255

    Article  Google Scholar 

  25. Culot, G., Fattori, F., Podrecca, M., Sartor, M.: Addressing industry 4.0 cybersecurity challenges. IEEE Eng. Manag. Rev. 47(3), 79–86 (2019). https://doi.org/10.1109/EMR.2019.2927559

    Article  Google Scholar 

  26. Asghar, M.R., Hu, Q., Zeadally, S.: Cybersecurity in industrial control systems: issues, technologies, and challenges. Comput. Networks 165, 106946 (2019). https://doi.org/10.1016/j.comnet.2019.106946

    Article  Google Scholar 

  27. Maesschalck, S., Giotsas, V., Green, B., et al.: Honeypots for automatic network-level industrial control system security. In: 14th EuroSys Dr. …, 2020, [Online]. Available: https://eprints.lancs.ac.uk/id/eprint/143058/%0A, https://eprints.lancs.ac.uk/id/eprint/143058/1/EUROSYS_Doctoral_Workshop.pdf.

  28. Alata, E., Nicomette, V., Kaâniche, M., Dacier, M., Herrb, M.: Lessons learned from the deployment of a high-interaction honeypot. In: Proceedings on Sixth European dependable computer conference EDCC 2006, pp. 39–44 (2006). https://doi.org/10.1109/EDCC.2006.17.

  29. Antonioli, D., Agrawal, A., Tippenhauer, N.O.: Towards high-interaction virtual ICS honeypots-in-a-box. In: CPS-SPC 2016 – Proceeding on 2nd ACM working cyber-physical system, security, and privacy, co-located with CCS 2016, pp. 13–22 (2016). https://doi.org/10.1145/2994487.2994493

  30. Kim, H., Claffy, K.C., Fomenkov, M., Barman, D., Faloutsos, M., Lee, K.Y.: Internet traffic classification demystified: Myths, caveats, and the best practices. In: Proceeding of the 2008 ACM coNEX Conference - 4th International Conference Emerging Network Experience Technology Conex. ’08 (2008). https://doi.org/10.1145/1544012.1544023

  31. Serbanescu, A.V., Obermeier, S., Yu, D.Y.: ICS threat analysis using a large-scale honeynet, pp. 20–30 (2015). https://doi.org/10.14236/ewic/ics2015.3

  32. Ferrag, M.A., Maglaras, L., Moschoyiannis, S., Janicke, H.: Deep learning for cyber security intrusion detection: approaches, datasets, and comparative study. J. Inf. Secur. Appl. 50, 102419 (2020). https://doi.org/10.1016/j.jisa.2019.102419

    Article  Google Scholar 

  33. Liaqat, S., Akhunzada, A., Shaikh, F.S., Giannetsos, A., Jan, M.A.: SDN orchestration to combat evolving cyber threats in Internet of Medical Things (IoMT). Comput. Commun. 160(July), 697–705 (2020). https://doi.org/10.1016/j.comcom.2020.07.006

    Article  Google Scholar 

  34. Li, B., Wu, Y., Song, J., Lu, R., Li, T., Zhao, L.: DeepFed: federated deep learning for intrusion detection in industrial cyber-physical systems. IEEE Trans. Ind. Inform. 17(8), 5615–5624 (2021). https://doi.org/10.1109/TII.2020.3023430

    Article  Google Scholar 

  35. Wang, Z., Lai, Y., Liu, Z., Liu, J.: Explaining the attributes of a deep learning based intrusion detection system for industrial control networks. Sensors (Switzerland) 20(14), 1–23 (2020). https://doi.org/10.3390/s20143817

    Article  Google Scholar 

  36. Chu, A., Lai, Y., Liu, J.: Industrial control intrusion detection approach based on multiclassification GoogLeNet-LSTM model. Secur. Commun. Networks 2, 2019 (2019). https://doi.org/10.1155/2019/6757685

    Article  Google Scholar 

  37. Varghese, S.A., Dehlaghi Ghadim, A., Balador, A., Alimadadi, Z., Papadimitratos, P.: Digital Twin-based Intrusion Detection for Industrial Control Systems, In: 2022 IEEE International conference on pervasive computer communication work other affiliation events, PerCom Work. 2022, pp. 611–617 (2022). https://doi.org/10.1109/PerComWorkshops53856.2022.9767492

  38. Eckhart, M., Ekelhart, A.: Towards security-aware virtual environments for digital twins. In: CPSS 2018 – Proceedings on 4th ACM workong cyber-physical system security co-located with ASIA CCS 2018, pp. 61–72 (2018). https://doi.org/10.1145/3198458.3198464.

  39. Akbarian, F., Fitzgerald, E., Kihl, M.: Intrusion detection in digital twins for industrial control systems. In: 2020 28th International conference software, telecommunication computer and networks, SoftCOM 2020, (2020). https://doi.org/10.23919/SoftCOM50211.2020.9238162.

  40. Lipsa, S., Dash, R.K.: A novel intrusion detection system based on deep learning and random forest for digital twin on IOT platform. Int. J. Sch. Res. Eng. Technol. 2(1), 051–064 (2023). https://doi.org/10.56781/ijsret.2023.2.1.0020

    Article  Google Scholar 

  41. Gowripeddi, V.V., Sasirekha, G.V.K., Bapat, J., Das, D.: digital twin and ontology based DDoS attack detection in a smart-factory 4.0, In: 5th International Conference Artificial Intelligent Information Communication. ICAIIC 2023, pp. 286–291 (2023). https://doi.org/10.1109/ICAIIC57133.2023.10067049

  42. Deutsche Telekom AG T-Pot. Version 17.10, (2018). [Online]. Available: https://github.com/dtag-dev-sec/tpotce/, Accessed: 23rd April 2018

  43. Antonioli, D., Tippenhauer, N.O.: MiniCPS: a toolkit for security research on CPS networks. In: CPS-SPC 2015 - Proceeding 1st ACM Working cyber-physical system and/or privacy, co-located with CCS 2015, pp. 91–100 (2015). https://doi.org/10.1145/2808705.2808715

  44. AWS Cloud, [Online]. Available: https://aws.amazon.com/Accessed 23rd May 2018

  45. Docker, [Online]. Available: https://www.docker.com/., Accessed: Accessed 12th April (2018)

  46. Rahman, A., et al.: SDN–IoT empowered intelligent framework for industry 4.0 applications during COVID-19 pandemic. Cluster Comput. 25(4), 2351–2368 (2022). https://doi.org/10.1007/s10586-021-03367-4

    Article  Google Scholar 

  47. Rahman, A., Hossain, M.S., Muhammad, G., Kundu, D., Debnath, T., Rahman, M., et al.: Federated learning-based AI approaches in smart healthcare: concepts, taxonomies, challenges and open issues. Cluster Comput 26(4), 2271–2311 (2023)

    Article  Google Scholar 

  48. Rahman, A., Islam, M.J., Montieri, A., Nasir, M.K., Reza, M.M., Band, S.S., Mosavi, A.: Smartblock-sdn: an optimized blockchain-sdn framework for resource management in Iot. IEEE Access 9, 28361–28376 (2021)

    Article  Google Scholar 

  49. Mathur, A.P., Tippenhauer, N.O.: SWaT: a water treatment testbed for research and training on ICS security. In: 2016 International working cyber-physical system smart water networks, CySWater 2016, No. Figure 1, pp. 31–36 (2016). https://doi.org/10.1109/CySWater.2016.7469060

  50. Sharafaldin, I., Lashkari, A.H., Ghorbani, A.A.: Toward generating a new intrusion detection dataset and intrusion traffic characterization. In: ICISSP 2018 - Proceeding 4th international conference information system security private, vol. 2018-Janua, No. Cic, pp. 108–116 (2018). https://doi.org/10.5220/0006639801080116

  51. Krishnaveni, S., Prabakaran, S.: Ensemble approach for network threat detection and classification on cloud computing (2019). https://doi.org/10.1002/cpe.5272

  52. Krishnaveni, S., Sivamohan, S., Sridhar, S., Prabhakaran, S.: Network intrusion detection based on ensemble classification and feature selection method for cloud computing. Concurr. Comput. Pract. Exp. 34(11), 1–29 (2022). https://doi.org/10.1002/cpe.6838

    Article  Google Scholar 

  53. Osamor, V.C., Okezie, A.F.: Enhancing the weighted voting ensemble algorithm for tuberculosis predictive diagnosis. Sci. Rep. 11(1), 1–11 (2021). https://doi.org/10.1038/s41598-021-94347-6

    Article  Google Scholar 

  54. Mhawi, D.N., Aldallal, A., Hassan, S.: Advanced feature-selection-based hybrid ensemble learning algorithms for network intrusion detection systems. Symmetry (Basel) (2022). https://doi.org/10.3390/sym14071461

    Article  Google Scholar 

  55. Ali, M., et al.: A data-driven knowledge acquisition system: an end-to-end knowledge engineering process for generating production rules. IEEE Access 6, 15587–15607 (2018). https://doi.org/10.1109/ACCESS.2018.2817022

    Article  Google Scholar 

  56. Udoy, A.I., Rahaman, M.A., Islam, M.J., Rahman, A., Ali, Z., Muhammad, G.: 4SQR-code: a 4-state QR code generation model for increasing data storing capacity in the digital twin framework. J. Adv. Res. (2023). https://doi.org/10.1016/j.jare.2023.10.006

    Article  Google Scholar 

  57. Ahmad, Z., Shahid Khan, A., Wai Shiang, C., Abdullah, J., Ahmad, F.: Network intrusion detection system: a systematic study of machine learning and deep learning approaches. Trans. Emerg. Telecommun. Technol. 32(1), 1–29 (2021). https://doi.org/10.1002/ett.4150

    Article  Google Scholar 

  58. Ogwara, N.O., Petrova, K., Yang, M.L., Tan, L.: Towards the development of a cloud computing intrusion detection framework using an ensemble hybrid feature selection approach. J. Comput. Networks Commun (2022). https://doi.org/10.1155/2022/5988567

    Article  Google Scholar 

  59. Wu, D., Jiang, Z., Xie, X., Wei, X., Yu, W., Li, R.: LSTM learning with bayesian and gaussian processing for anomaly detection in industrial IoT. IEEE Trans. Ind. Informatics 16(8), 5244–5253 (2020). https://doi.org/10.1109/TII.2019.2952917

    Article  Google Scholar 

  60. Mane, S., Rao, D.: Explaining network intrusion detection system using explainable AI framework. No. Ml, pp. 1–10 (2021). [Online]. Available: http://arxiv.org/abs/2103.07110

  61. Jacoby, M., Volz, F., Weißenbacher, C., Stojanovic, L., Usländer, T.: An approach for Industrie 4.0-compliant and data-sovereign digital twins realization of the industrie 4.0 asset administration shell with a data-sovereignty extension. At-Automatisierungstechnik 69(12), 1051–1061 (2021). https://doi.org/10.1515/auto-2021-0074

    Article  Google Scholar 

  62. Dawoud, A., Shahristani, S., Raun, C.: Deep learning and software-defined networks: towards secure IoT architecture. Intern. Things (Netherlands) 3–4, 82–89 (2018). https://doi.org/10.1016/j.iot.2018.09.003

    Article  Google Scholar 

  63. Meng, F., Fu, Y., Lou, F.: A network threat analysis method combined with kernel PCA and LSTM-RNN, In: Proceeding of 2018 10th international conference on advanced computer intelligence ICACI 2018, pp. 508–513 (2018). https://doi.org/10.1109/ICACI.2018.8377511

  64. Haider, A., Khan, M.A., Rehman, A., Ur Rahman, M., Kim, H.S.: A real-time sequential deep extreme learning machine cybersecurity intrusion detection system. Comput. Mater. Contin. 66(2), 1785–1798 (2020). https://doi.org/10.32604/cmc.2020.013910

    Article  Google Scholar 

  65. Saharkhizan, M., Azmoodeh, A., Dehghantanha, A., Choo, K.K.R., Parizi, R.M.: An ensemble of deep recurrent neural networks for detecting IoT cyber attacks using network traffic. IEEE Internet Things J. 7(9), 8852–8859 (2020). https://doi.org/10.1109/JIOT.2020.2996425

    Article  Google Scholar 

  66. Nguyen, T.D., Marchal, S., Miettinen, M., Fereidooni, H., Asokan, N., Sadeghi, A.R.: DÏoT: a federated self-learning anomaly detection system for IoT, In: Proceedings of international conference on distribution computer system, vol. 2019-July, pp. 756–767 (2019). https://doi.org/10.1109/ICDCS.2019.00080

  67. Diro, A.A., Chilamkurti, N.: Distributed attack detection scheme using deep learning approach for Internet of Things. Futur. Gener. Comput. Syst. 82, 761–768 (2018). https://doi.org/10.1016/j.future.2017.08.043

    Article  Google Scholar 

  68. Arora, K., Chauhan, R.: Improvement in the performance of deep neural network model using learning rate, In: 2017 Innovation power advance computer technology i-PACT 2017, vol. 2017-Janua, pp. 1–5 (2017). https://doi.org/10.1109/IPACT.2017.8245184

  69. Javeed, D., Gao, T., Khan, M.T.: Sdn-enabled hybrid dl-driven framework for the detection of emerging cyber threats in Iot. Electronics 10(8), 1–16 (2021). https://doi.org/10.3390/electronics10080918

    Article  Google Scholar 

  70. Malik, J., Akhunzada, A., Bibi, I., Imran, M., Musaddiq, A., Kim, S.W.: Hybrid deep learning: an efficient reconnaissance and surveillance detection mechanism in SDN. IEEE Access 8, 134695–134706 (2020). https://doi.org/10.1109/ACCESS.2020.3009849

    Article  Google Scholar 

  71. Ibor, A.E., Okunoye, O.B., Oladeji, F.A., Abdulsalam, K.A.: Novel hybrid model for intrusion prediction on cyber physical systems’ communication networks based on bio-inspired deep neural network structure. J. Inf. Secur. Appl. 65(January), 103107 (2022). https://doi.org/10.1016/j.jisa.2021.103107

    Article  Google Scholar 

  72. Wang, Z., Li, Z., He, D., Chan, S.: A lightweight approach for network intrusion detection in industrial cyber-physical systems based on knowledge distillation and deep metric learning. Expert Syst. Appl. 206(June), 117671 (2022). https://doi.org/10.1016/j.eswa.2022.117671

    Article  Google Scholar 

  73. Catillo, M., Pecchia, A., Villano, U.: CPS-GUARD: intrusion detection for cyber-physical systems and IoT devices using outlier-aware deep autoencoders. Comput. Secur. 129, 103210 (2023). https://doi.org/10.1016/j.cose.2023.103210

    Article  Google Scholar 

  74. Abdelkhalek, M., Ravikumar, G., Govindarasu, M.: ML-based anomaly detection system for der communication in smart grid, In: 2022 IEEE power energy society innovation smart grid technology conference ISGT 2022, pp. 1–5 (2022). https://doi.org/10.1109/ISGT50606.2022.9817481

  75. Nguyen, G.N., Le Viet, N.H., Elhoseny, M., Shankar, K., Gupta, B.B., El-Latif, A.A.A.: Secure blockchain enabled Cyber–physical systems in healthcare using deep belief network with ResNet model. J. Parallel Distrib. Comput. 153, 150–160 (2021). https://doi.org/10.1016/j.jpdc.2021.03.011

    Article  Google Scholar 

  76. Almiani, M., AbuGhazleh, A., Al-Rahayfeh, A., Atiewi, S., Razaque, A.: Deep recurrent neural network for IoT intrusion detection system. Simul. Model. Pract. Theory 101(November), 102031 (2019). https://doi.org/10.1016/j.simpat.2019.102031

    Article  Google Scholar 

  77. Qiu, H., Dong, T., Zhang, T., Lu, J., Memmi, G., Qiu, M.: Adversarial attacks against network intrusion detection in IoT systems. IEEE Internet Things J. 8(13), 10327–10335 (2021). https://doi.org/10.1109/JIOT.2020.3048038

    Article  Google Scholar 

  78. Bovenzi, G., Aceto, G., Ciuonzo, D., Persico, V., Pescape, A.: A hierarchical hybrid intrusion detection approach in IoT scenarios. In: 2020 IEEE global communication conference GLOBECOM 2020 - Proceeding, Vol. 2020-Janua, (2020). https://doi.org/10.1109/GLOBECOM42002.2020.9348167

  79. Kumar, V., Das, A.K., Sinha, D.: UIDS: a unified intrusion detection system for IoT environment. Evol. Intell. 14(1), 47–59 (2021). https://doi.org/10.1007/s12065-019-00291-w

    Article  Google Scholar 

  80. Mohamed, T., Kezunovic, M., Lusher, J., Liu, J. C., & Ren, J.: The use of digital twin for timing intrusion detection in synchrophasor systems. In: 2022 IEEE Power & energy society general meeting (PESGM) IEEE, July. pp. 1–5 (2022)

  81. Khan, I.A., Moustafa, N., Pi, D., Sallam, K.M., Zomaya, A.Y., Li, B.: A new explainable deep learning framework for cyber threat discovery in industrial IoT networks. IEEE Internet Things J. 9(13), 11604–11613 (2021)

    Article  Google Scholar 

  82. Khan, I.A., Pi, D., Abbas, M.Z., Zia, U., Hussain, Y., Soliman, H.: Federated-SRUs: a federated simple recurrent units-based IDS for accurate detection of cyber-attacks against IoT-augmented industrial control systems. IEEE Internet Things J. (2022). https://doi.org/10.1109/JIOT.2022.3200048

    Article  Google Scholar 

  83. Khan, I.A., Pi, D., Khan, N., Khan, Z.U., Hussain, Y., Nawaz, A., Ali, F.: A privacy-conserving framework-based intrusion detection method for detecting and recognizing malicious behaviours in cyber-physical power networks. Appl. Intell. (2021). https://doi.org/10.1007/s10489-021-02222-8

    Article  Google Scholar 

  84. Khan, I.A., Pi, D., Yue, P., Li, B., Khan, Z.U., Hussain, Y., Nawaz, A.: Efficient behaviour specification and bidirectional gated recurrent units-based intrusion detection method for industrial control systems. Electron. Lett. 56(1), 27–30 (2020)

    Article  Google Scholar 

  85. Sivamohan, S., Sridhar, S.S., Krishnaveni, S.: TEA-EKHO-IDS: An intrusion detection system for industrial CPS with trustworthy explainable AI and enhanced krill herd optimization. Peer-to-Peer Network. Appl. 16(4), 1993–2021 (2023)

    Article  Google Scholar 

  86. Alani, M.M.: An explainable efficient flow-based Industrial IoT intrusion detection system. Comput. Electr. Eng. 108, 108732 (2023)

    Article  Google Scholar 

  87. Kumar, P., Kumar, R., Aljuhani, A., Javeed, D., Jolfaei, A., Islam, A.N.: Digital twin-driven SDN for smart grid: a deep learning integrated blockchain for cybersecurity. Sol. Energy 263, 111921 (2023)

    Article  Google Scholar 

  88. Rahman, A., Islam, M.J., Band, S.S., Muhammad, G., Hasan, K., Tiwari, P.: Towards a blockchain-SDN-based secure architecture for cloud computing in smart industrial IoT. Digital Commun. Netw. 9(2), 411–421 (2023)

    Article  Google Scholar 

Download references

Funding

Not Applicable.

Author information

Authors and Affiliations

  1. Department of Computational Intelligence, SRM Institute of Science & Technology, Kattankulathur, Chennai, Tamil Nadu, 603 203, India

    S. Krishnaveni

  2. City, University of London, London, UK

    Thomas M. Chen

  3. MIT Square, London, UK

    Mithileysh Sathiyanarayanan

  4. Department of Computing Technologies, SRM Institute of Science and Technology, Kattankulathur, Chennai, Tamil Nadu, 603 203, India

    B. Amutha

Authors
  1. S. Krishnaveni
    View author publications

    You can also search for this author inPubMed Google Scholar

  2. Thomas M. Chen
    View author publications

    You can also search for this author inPubMed Google Scholar

  3. Mithileysh Sathiyanarayanan
    View author publications

    You can also search for this author inPubMed Google Scholar

  4. B. Amutha
    View author publications

    You can also search for this author inPubMed Google Scholar

Contributions

KS Data collection, evaluate the experiments results, wrote the manuscript and framework methodology design. TS review the manuscript, editing and supervision. MS review the manuscript, editing and supervision, AB Review the manuscript, editing and evaluate the experiments results.

Corresponding author

Correspondence to S. Krishnaveni.

Ethics declarations

Conflict of interest

In terms of competing financial and non-financial interests, the authors declare no conflicts of interest.

Ethical approval

Not Applicable.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Krishnaveni, S., Chen, T.M., Sathiyanarayanan, M. et al. CyberDefender: an integrated intelligent defense framework for digital-twin-based industrial cyber-physical systems. Cluster Comput 27, 7273–7306 (2024). https://doi.org/10.1007/s10586-024-04320-x

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10586-024-04320-x

Keywords