Non-local attention enhanced deep learning for robust cyberattack detection in industrial IoT-based SCADA systems
摘要
Industrial Internet of Things (IIoT)-enabled Supervisory Control and Data Acquisition (SCADA) systems are pivotal for real-time monitoring and control in critical sectors like energy, manufacturing, and water management. However, their connectivity and complexity expose them to cyber threats, including zero-day vulnerabilities and advanced persistent threats (APTs). Traditional security measures, like signature-based intrusion detection systems (IDSs), are inadequate against dynamic attacks. This study introduces DeepNonLocalNN, a deep learning model combining convolutional neural networks (CNNs) with non-local attention blocks to capture local patterns and global dependencies in IIoT network traffic. Evaluated on the WUSTL-IIoT-2021 dataset, DeepNonLocalNN achieved strong performance, with an accuracy of 0.9999, a receiver operating characteristic-area under the curve (ROC-AUC) of 1.0000, and a macro F1-score of 0.93, outperforming baseline models such as NonLocalNN, CNNWithAttention, ResidualAttentionNetwork, and Long Short-Term Memory (LSTM). Notably, it excelled in detecting minority attack classes, including Backdoor (F1: 0.73) and Command Injection (CommInj, F1: 0.92), addressing class imbalance. The model’s scalable architecture, leveraging non-local attention and regularization, provides a high-performance solution for SCADA security in IIoT environments. Future work will focus on adapting the DeepNonLocalNN approach to real-time intrusion detection. It also aims to reduce the computational cost for resource-constrained PLCs and RTUs in SCADA systems. We also aim to validate this model on various industrial datasets and SCADA environments.