Data driven intrusion detection system for software defined networking enabled industrial internet of things

Without an iota of doubt, security, safety, and privacy are the most critical aspects of any Industrial Internet of Things (IIoT) environment. Among the existing intrusion detection methods, knowledge-based methods discover only the recognized attacks, the behavior-based methods suffer from high false positives, and specification-based methods demand the complete knowledge about the elements present in the IIoT environment. Examining the heterogeneous data from different and distributed sensors and sending the correct commands to actuators are vital to the increasingly industrialized economy. This work proposes an Intrusion Detection System (IDS) for the IIoT environment that combines both the anomaly and specification-based approaches. The resulting system overcomes the limitations of the contemporary techniques by detecting unidentified attacks. All kinds of data emanating from any IIoT setup comprising sensors and actuators are logged, and specification rules are constructed from it. Any violations of the created rules are treated as attacks. The validation is carried out through simulation using the Mininet tool with the dataset obtained from the real-world water treatment facility at the Singapore University of Technology and Design (SUTD). The results show only 3.2% of false positives with the detection rate of 96.4%.