A New Explainable Deep Learning Framework for Cyber Threat Discovery in Industrial IoT Networks

Industrial Internet of Things (IIoT) and Industry 4.0 empower interrelation among manufacturing processes, industrial machines, and utility services. The time-critical data collected from heterogeneous sensing devices are usually communicated to processing points for analysis and aggregation as the basis of IIoT. The IIoTs' service quality typically depends on data integrity and accuracy, which could be exploited by injecting malicious events, such as false data injection and data poisoning attacks. Thus, effective anomaly recognition and explanation are critical for ensuring quality services and empowering security administrators to interpret the causal reasoning of prediction decisions and underlying data evidence. This study proposes an autoencoder-based detection framework using convolutional and recurrent networks to discover cyber threats in IIoT networks and explain the model. A two-step sliding window (SW) is applied to learn the latent representations of data features better. Malicious points from the raw time series are transformed into fixed-length series through the first-step SW. Every series is converted into continuous-time-reliant subseries via another smaller SW to learn latent representations of malicious events. Fully connected networks use the extracted temporal and spatial features for the classification and explanation of attack events. The empirical results revealed that this framework effectively extracts features that include contexts of malicious patterns. This demonstrated that the proposed framework is robust in detecting malicious events using multiple evaluation metrics and outperforming the contemporary state-of-the-art methods, indicating its suitability as an operative application method in real-world IIoT-based networks.