Deep Learning for Cyber Security Risk Assessment in IIoT Systems

Mirjana D. Stojanović, Jasna D. Marković-Petrović
Copyright: © 2023 |Pages: 13
DOI: 10.4018/978-1-7998-9220-5.ch127


This article addresses cyber security risk assessment in industrial internet of things (IIoT) networks, and particularly the continuous risk assessment (CRA) process, which assumes real-time, dynamic risk evaluation based on run-time data. IIoT cyber security risks, threats, and attacks are briefly presented. Requirements for cyber security risk assessment of industrial control systems, as well as the applicability of machine learning for that purpose, are considered. The architectural view of the CRA process in the IIoT environment is presented and discussed. Possibilities of deep learning approaches to achieve CRA in IIoT systems are explored. Deep learning can be integrated into edge-computing-based systems and used for feature extraction and risk classification from massive raw data. Several research works are presented and briefly discussed. The article ends by emphasizing future research directions and with concluding remarks.
Chapter Preview


This section briefly reviews the theoretical background for cyber security risk assessment in the industrial IoT environment. Since identification of risks, threats and attacks precedes the risk assessment process, the first part is dedicated to the classification of cyber security risks, threats and attacks that are specific to IIoT systems. The second part surveys cyber security risk assessment of industrial systems in terms of current standards, security principles and priorities, as well as the classification of risk assessment methods. The final part discusses the general use of machine learning for security and engineering risk assessment.

IIoT Cyber Security Risks, Threats and Attacks

In addition to performance degradation, successful cyber attacks on an IIoT system may have a permanent or temporary impact on human health and lives, the environment and assets. The main security risks include the lack of authentication and security in sensors and other cyber-physical devices; insecure gateways through which data is transmitted to the cloud; cloud security issues; and insecure communication protocols. Successful attacks may cause a number of operational issues such as equipment damage, unforeseen operational concerns, endangered personal safety and regulatory issues (Stojanović & Boštjančič Rakas, 2020).

Several recent studies have provided classifications and descriptions of the cyber security threats and attacks against IIoT systems. Sajid, Abbas, and Saleem (2016) identify the most specific threats to supervisory control and data acquisition (SCADA) systems in IoT-cloud environments as follows: advanced persistent threats (APT), lack of data integrity protection, man-in-the-middle (MITM) attacks, identity theft, eavesdropping, replay attacks, as well as different forms of denial of service (DoS) attacks. Leander, Čaušević, and Hansson (2019) apply a threat model based on the STRIDE (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service and Elevation of privilege) method, which was originally introduced by Microsoft. They demonstrate the model on three typical scenarios related to the flow-control loop from the perspective of an industrial automation and control system (IACS). Tsiknas, Taketzis, Demertzis, and Skianis (2021) classify the IIoT threats into five generic categories: phishing attacks, ransomware, protocol, supply chain, and system attacks. Such a classification enables understanding of the security risks and the associated countermeasures in the IIoT environment.

Berger, Burger, and Roglinger (2020) propose a three-layer taxonomy of attacks on the IIoT, where each layer is associated with appropriate dimensions and characteristics. The method of operation layer identifies the entry points and methods used to perform an attack. This layer classifies attacks according to the technique, mechanism, executability and focus. The target layer classifies attacks according to the vulnerability and IIoT level. Finally, the impact layer characterizes the effects of a successful attack in terms of consequence and scope. Table 1 briefly summarizes the previously described approaches.

Table 1. Taxonomies of IIoT cyber security risks, threats and attacks

| Source | Category | Taxonomy | Main characteristics |
|---|---|---|---|
| Stojanović and Boštjančič Rakas (2020) | Cyber security risks | Lack of authentication and security in cyber-physical devices; Insecure gateways; Cloud security issues; Insecure communication protocols | General classification that facilitates identification of IIoT operational issues in the case of successful attacks |
| Sajid et al. (2016) | Cyber security threats | APT; Lack of data integrity protection; MITM attacks; Identity theft; Eavesdropping; Replay attacks; Different forms of DoS | Intended for IoT-based SCADA systems |
| Leander et al. (2019) | Cyber security threats | STRIDE model | Intended for IACS |
| Tsiknas et al. (2021) | Cyber security threats | Five-category model: Phishing attacks; Ransomware; Protocol; Supply chain; System attacks | Generic model suitable for definition of countermeasures |
| Berger et al. (2020) | Cyber security attacks | Three-layer model: Method of operation layer; Target layer; Impact layer | Multi-layer taxonomy that facilitates identification of similarities and differences between attacks on the IIoT |

Key Terms in this Chapter

Continuous Risk Assessment (CRA): Risk assessment process that is performed dynamically, on an ongoing basis.

Industrial Control System (ICS): A general term that refers to the interconnected equipment used to monitor and control physical equipment and processes in industrial environments.

Classification Accuracy: In the context of machine learning, a metric that represents the rate of correct classifications.

Asset: Any element of an information system that possesses a value.

Cyber Security Threat: An event that can take advantage of a system’s vulnerability and cause a negative impact on it.

Return on Security Investment (ROSI): A risk metric that calculates the loss avoided through preventive investments in security.

Deep Neural Network (DNN): A neural network with multiple hidden layers, which uses sophisticated mathematical modeling to process data in a complex way.

Security Information and Event Management (SIEM): A software solution that collects security data from various network devices and performs data analytics and correlation of the corresponding security events.

Cyber Security Risk: Exposure to harm or loss resulting from data breaches or attacks on information and communication systems.

Cyber Security Attack: Any action that targets information systems, computer networks, infrastructures, or personal computer devices, with the intent to cause damage.
