Introduction
The rapid development and improvement of the consumer Internet has prompted people to explore and practice the “industrial Internet.” From a macro perspective, the industrial Internet connects industrial control systems (ICSs) and the Internet with the aim of making production more intelligent. At the micro level, the industrial Internet abandons the traditional closed and trusted environment of industrial control, integrates the exchange characteristics of the Internet, and connects the equipment, workshops, factories, employees, and customers in the industrial system, using the Internet as a hub (Alanazi et al., 2022). It promotes the intelligentization of the industry and enables interindustry communication and resource sharing. However, as the industrial Internet continues to grow, it also brings more security concerns. Over the past few years, the number of cyber attacks on the industrial manufacturing industry has also increased significantly (Gauthama Raman & Mathur, 2022). A cyber attack on an industrial system may cause data leakage, system damage, and production interruption in industrial enterprises, and even the closure and bankruptcy of enterprises, causing harm to the national social economy (Anthi et al., 2021).
Given the current security status of the industrial Internet, traditional intrusion detection systems cannot effectively deal with most intrusions. Traditional intrusion detection mainly uses pattern matching and different protocol analysis techniques for detection (Gupta et al., 2009; Mishra et al., 2011). Because it establishes normal behavior patterns or models known attacks as the detection benchmark, this method depends too heavily on the integrity of the modeling and is inevitably accompanied by a high rate of false positives. The industrial Internet, which links the conventional ICS to the Internet, confronts not only the security concerns of the old ICS, but also the inherent security challenges of the Internet (Chhetri et al., 2018). The cross-border integration of information technology and operation technology blurs the border between the security of industrial manufacturing and the security of the external Internet (Kou et al., 2022). In addition, traditional detection methods are no longer suitable for the current industrial Internet. The rise in popularity of deep learning has had far-reaching effects on fields such as voice and picture recognition, and has introduced novel concepts to fields such as intrusion detection (Abu-Khzam et al., 2022; Malik et al., 2022). Applying deep learning to the field of intrusion detection can not only improve the detection rate, but also further simplify the problem of intrusion detection (Sayour et al., 2022).
Most of the traditional intrusion detection methods based on machine learning algorithms use only a single algorithm for classification and recognition, without performing feature processing on the data. As a result, they are relatively slow, their detection rate is not high, and they cannot accurately detect intrusion behavior (Zhang et al., 2021). In order to achieve accurate and rapid detection of industrial Internet intrusion, it is necessary to respond to security risks and threats from both ICS and the ordinary Internet. In this study, the authors selected two datasets, namely NSL-KDD (Tavallaee et al., 2009) and Gas pipeline datasets (Morris et al., 2015), which contain a large number of different attack types. At the same time, to detect attack behaviors conveniently, accurately, and quickly, to remove irrelevant features in the different datasets, and to improve classification performance, the authors designed an intrusion detection classification model based on a convolutional neural network (CNN)-long short-term memory (LSTM). The main contributions are as follows: