EMTD: Explainable Malicious Traffic Detection Model Using Hybrid Deep Learning Techniques for Industrial IoT Networks

Cybersecurity of the Internet of Things based complex safety-critical systems like the Industrial Internet of Things has gained considerable attention in recent years, focusing on accurate and timely detection of malicious traffic. In cybersecurity, deep learning-driven malicious traffic detection systems are usually used to identify malicious traffic, also called cyber-attacks, because of their capability to provide more accurate predictions from heterogeneous data. In most cases, existing malicious traffic detection systems based on deep learning are unable to detect zero-day attacks and mainly suffer from a high false positive rate, and its prediction is also challenging to understand, even by cybersecurity professionals. Thus, to overcome these limitations, this work proposes an explainable model of malicious traffic detection based on hybrid deep learning techniques. In this model, a lightweight residual network is designed for feature extraction, and a hybrid of Autoencoder and Bidirectional Gated Recurrent Unit-driven deep learning model is proposed for malicious traffic detection. Additionally, the Deep-SHAP-based eXplainable AI technique is employed to understand better how cyber-attacks is detected by the proposed model and which features are responsible for decision-making. A real-time Edge-IIoTset dataset is used to validate and compare the efficiency of a proposed approach with contemporary malicious traffic detection techniques. Results of experiments confirm that the proposed model outperforms existing models in terms of accuracy (94.94%), precision (98.43%), and false positive rate (0.07%) and explain its ability to defend Industrial Internet of Things networks against zero-day cyber-attacks.