A Modular AI-Driven Intrusion Detection System for Network Traffic Monitoring in Industry 4.0, Using Nvidia Morpheus and Generative Adversarial Networks
<p>Distribution of normal vs. abnormal network traffic datagrams.</p> "> Figure 2
<p>Example of a JSON object parsed into a data frame using cuDF.</p> "> Figure 3
<p>Main pipeline of the IDS created for classification of the PCAP capture and for generating polymorphic attacks.</p> "> Figure 4
<p>Pipeline for testing the performance of the classification stage with polymorphic inputs.</p> "> Figure 5
<p>Generative adversarial network model implemented inside the stage specialized for generating polymorphic attacks.</p> "> Figure 6
<p>Workflow of the proposed IDS.</p> "> Figure 7
<p>A prototype hardware architecture suitable for monitoring using an Nvidia Morpheus IDS solution.</p> "> Figure 8
<p>Models’ accuracy evolution before and after the first set of generated data. (<b>a</b>) Accuracy result before introducing generated data. (<b>b</b>) Accuracy results after generated data was introduced.</p> "> Figure 9
<p>Models’ accuracy evolution.</p> ">
Abstract
:1. Introduction
- Simplicity and flexibility of the process that integrates the IDS system into the industrial framework.
- Capability to constantly improve the IDS’s ability to recognize harm.
- The lowest possible score of false negative results.
1.1. Motivation
1.2. Contributions
1.3. Paper Structure
2. Related Work
3. Background
3.1. Intrusion Detection Systems
3.2. Nvidia Morpheus and AI Integrated Models
4. Methods and Materials
- the conversion of the new PCAP captures into JSON format (JavaScript Object Notation). This format corresponds to the class of inputs that Nvidia Morpheus supports.
- the generative adversarial network encapsulated into a new node module
- the preprocessing for the polymorphic attacks.
4.1. Dataset Preparation and Preprocessing
Algorithm 1: Converting the PCAP capture files into the input dataset | |
Data: PCAP capture files Results: JSON format file with the record characterized by 13 attributes | |
|
4.2. IDS Software Pipeline Architecture
4.3. Monitored Hardware Architecture Prototype
5. Results
6. Discussions
7. Conclusions
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Conflicts of Interest
References
- Al-Yaseen, W.L.; Idrees, A.K.; Almasoudy, F.H. Wrapper feature selection method based differential evolution and extreme learning machine for intrusion detection system. Pattern Recognit. 2022, 132, 108912. [Google Scholar] [CrossRef]
- Bannour, F.; Souihi, S.; Mellouk, A. Distributed SDN control: Survey, taxonomy, and challenges. IEEE Commun. Surv. Tutor. 2017, 20, 333–354. [Google Scholar] [CrossRef]
- Arjovsky, M.; Chintala, S.; Bottou, L. Wasserstein generative adversarial networks. In International Conference on Machine Learning; PMLR: Birmingham, UK, 2017; pp. 214–223. [Google Scholar]
- Mullet, V.; Sondi, P.; Ramat, E. A review of cybersecurity guidelines for manufacturing factories in industry 4.0. IEEE Access 2021, 9, 23235–23263. [Google Scholar] [CrossRef]
- Tomar, B.; Kumar, N.; Sreejeth, M. Real Time Automation and Ratio Control Using PLC & SCADA in Industry 4.0. Comput. Syst. Sci. Eng. 2023, 45, 1495–1516. [Google Scholar]
- Bécue, A.; Praça, I.; Gama, J. Artificial intelligence, cyber-threats and Industry 4.0: Challenges and opportunities. Artif. Intell. Rev. 2021, 54, 3849–3886. [Google Scholar] [CrossRef]
- Alohali, M.A.; Al-Wesabi, F.N.; Hilal, A.M.; Goel, S.; Gupta, D.; Khanna, A. Artificial intelligence enabled intrusion detection systems for cognitive cyber-physical systems in industry 4.0 environment. Cogn. Neurodynamics 2022, 16, 1045–1057. [Google Scholar] [CrossRef]
- Goodfellow, I.J.; Pouget-Abadie, J.; Mirza, M.; Xu, B.; Warde-Farley, D.; Ozair, S.; Courville, A.; Bengio, Y. Generative Adversarial Nets. In Proceedings of the 27th International Conference on Neural Information Processing Systems, Montreal, QC, Canada, 8–13 December 2014; Volume 2, pp. 2672–2680. [Google Scholar]
- Lu, Y.; Da Xu, L. Internet of Things (IoT) cybersecurity research: A review of current research topics. IEEE Internet Things J. 2018, 6, 2103–2115. [Google Scholar] [CrossRef]
- Martins, I.; Resende, J.S.; Sousa, P.R.; Silva, S.; Antunes, L.; Gama, J. Host-based IDS: A review and open issues of an anomaly detection system in IoT. Future Gener. Comput. Syst. 2022, 133, 95–113. [Google Scholar] [CrossRef]
- Mourtzis, D.; Angelopoulos, J.; Panopoulos, N. A Literature Review of the Challenges and Opportunities of the Transition from Industry 4.0 to Society 5.0. Energies 2022, 15, 6276. [Google Scholar] [CrossRef]
- Aldaej, A.; Ahanger, T.A.; Ullah, I. Deep Learning-Inspired IoT-IDS Mechanism for Edge Computing Environments. Sensors 2023, 23, 9869. [Google Scholar] [CrossRef]
- Awajan, A. A novel deep learning-based intrusion detection system for IOT networks. Computers 2023, 12, 34. [Google Scholar] [CrossRef]
- Rao, K.N.; Rao, K.V.; PVGD, P.R. A hybrid intrusion detection system based on sparse autoencoder and deep neural network. Comput. Commun. 2021, 180, 77–88. [Google Scholar]
- Kilincer, I.F.; Tuncer, T.; Ertam, F.; Sengur, A. SPA-IDS: An intelligent intrusion detection system based on vertical mode decomposition and iterative feature selection in computer networks. Microprocess. Microsyst. 2023, 96, 104752. [Google Scholar] [CrossRef]
- Jasim, A.F.J.; Kurnaz, S. New automatic (IDS) in IoTs with artificial intelligence technique. Optik 2023, 273, 170417. [Google Scholar] [CrossRef]
- Strumberger, I.; Tuba, E.; Bacanin, N.; Zivkovic, M.; Beko, M.; Tuba, M. Designing convolutional neural network architecture by the firefly algorithm. In Proceedings of the 2019 International Young Engineers Forum (YEF-ECE), Costa da Caparica, Portugal, 10 May 2019; pp. 59–65. [Google Scholar]
- Duy, P.T.; Khoa, N.H.; Nguyen, A.G.T.; Pham, V.H. DIGFuPAS: Deceive IDS with GAN and function-preserving on adversarial samples in SDN-enabled networks. Comput. Secur. 2021, 109, 102367. [Google Scholar] [CrossRef]
- Tabassum, A.; Erbad, A.; Lebda, W.; Mohamed, A.; Guizani, M. Fedgan-ids: Privacy-preserving ids using gan and federated learning. Comput. Commun. 2022, 192, 299–310. [Google Scholar] [CrossRef]
- Herrero, Á.; Navarro, M.; Corchado, E.; Julián, V. RT-MOVICAB-IDS: Addressing real-time intrusion detection. Future Gener. Comput. Syst. 2013, 29, 250–261. [Google Scholar] [CrossRef]
- Radoglou-Grammatikis, P. Securecyber: An SDN-enabled SIEM for enhanced cybersecurity in the industrial internet of things. MMTC Commun.-Front. 2023, 18, 16–21. [Google Scholar]
- Ramana, K.; Revathi, A.; Gayathri, A.; Jhaveri, R.H.; Narayana, C.L.; Kumar, B.N. WOGRU-IDS—An intelligent intrusion detection system for IoT assisted Wireless Sensor Networks. Comput. Commun. 2022, 196, 195–206. [Google Scholar] [CrossRef]
- Kehk, M.; Koroniotis, N.; Pham, N.; Moustafa, N.; Turnbull, B.; Zomaya, A.Y. An explainable deep learning-enabled intrusion detection framework in IoT networks. Inf. Sci. 2023, 639, 119000. [Google Scholar]
- Alabsi, B.A.; Anbar, M.; Rihan, S.D.A. Conditional tabular generative adversarial based intrusion detection system for detecting ddos and dos attacks on the internet of things networks. Sensors 2023, 23, 5644. [Google Scholar] [CrossRef] [PubMed]
- Nvidia Group. ABP Detection Example Using Morpheus. 2024. Available online: https://docs.nvidia.com/morpheus/examples/abp_pcap_detection/readme.html#verify-model-deployment (accessed on 19 June 2024).
- Yang, Q.; Liu, Y.; Chen, T.; Tong, Y. Federated machine learning: Concept and applications. ACM Trans. Intell. Syst. Technol. (TIST) 2019, 10, 1–19. [Google Scholar] [CrossRef]
- Chen, T.; Guestrin, C. Xgboost: A scalable tree boosting system. In Proceedings of the 22nd ACM Sigkdd International Conference on Knowledge Discovery and Data Mining, San Francisco, CA, USA, 13–17 August 2016; pp. 785–794. [Google Scholar]
- Bhattacharya, S.; Maddikunta, P.K.R.; Kaluri, R.; Singh, S.; Gadekallu, T.R.; Alazab, M.; Tariq, U. ANovel PCA-Firefly Based XGBoost Classification Model for Intrusion Detection in Networks Using GPU. Electronics 2020, 9, 219. [Google Scholar] [CrossRef]
- Chiriac, B.N.; Anton, A.D.; Ionita, A.D. A Hybrid IDS Architecture. Univ. Politeh. Buchar. Sci. Bull. C-Electr. Eng. Comput. Sci. 2023, 85, 77–90. [Google Scholar]
- Kane, S.P.; Matthias, K. Docker: Up & Running; O’Reilly Media, Inc.: Newton, MA, USA, 2023. [Google Scholar]
- Nvidia Group. What Is Triton Interface Server. 2024. Available online: https://catalog.ngc.nvidia.com/orgs/nvidia/containers/tritonserver (accessed on 1 September 2024).
- Nvidia Group. Nvidia Morpheus (24.06). 2024. Available online: https://docs.nvidia.com/morpheus/index.html (accessed on 18 August 2024).
- Chale, M.; Cox, B.; Weir, J.; Bastian, N.D. Constrained optimization based adversarial example generation for transfer attacks in network intrusion detection systems. Optim. Lett. 2023, 18, 2169–2188. [Google Scholar] [CrossRef]
Research | Research Topic | Dataset | Methodology | Accuracy | Challenges and Contribution |
---|---|---|---|---|---|
Klincer I.F. et al. [15] | Switch port anomaly-based IDS | Original dataset created with data captured through switch ports. Dataset contains attacks with a high rate of frequency in Local Area Network (LAN). | Vertical mode decomposition applied to dataset; statistical feature extraction for data preprocessing. Hybrid method of classification using the following ML algorithms: SVM, k-NN, DT, and BT. | >90% | Combination of all ML algorithms for obtaining a classification framework. Original dataset. Lack of dataset diversity because the captures were made in the monitoring LAN. |
Jasmin and Kurnaz [16] | Wireless Sensor Networks (IoT infrastructures) | CICIDS2017 | Combining CNN with BBO algorithms and making an analysis of this hybrid methodology using different optimizers. | 92–99% | Finding a hybrid solution with higher scores depending on the used activation functions and optimizers. BBO is slower than other classification methods. |
Duy P. et al. [18] | Function prevention on adversarial samples of IoT attacks. | CICIDS2018 NSL-KDD | A framework that can create attacks using Wasserstein GAN and a black box IDS. | 78–83% | Heterogeneous datasets. Generating polymorphic attacks. |
Tabassum, A. et al. [19] | IDS for IoT networks focused on the targeted device attack. | NSL-KDD KDD-CUPP99 UNSW-NB15 | A hybrid solution of federated learning (FL) and GAN networks used for classification. | 92–99% | Heterogeneous datasets. Finding hybrid solution able to identify polymorphic attacks which reduce by proceeding the training process using in a distributed manner with the help of FL. |
Herreo A. et al. [20] | A hybrid network-based IDS for attacks with impact on confidentiality, integrity, and availability (CIA model). | Real-time data | Combination of different AI paradigms for network traffic monitoring like case-based reasoning. | 72–92% | Real-time monitoring defined by a time-bounded analyzer component. |
Current Article | An IDS based on Nvidia Morpheus that integrates the XGBoost algorithms and GAN | 4SICS Morpheus Network traffic examples | Combining Nvidia Morpheus XGBoost pre-trained model with the GAN framework. | 87–90% | Improving the performances of pre-trained Nvidia Morpheus models for anomaly detection by generating polymorphic network traffic. Tested for offline analysis but capable of online monitoring due to Morpheus’ capabilities of processing large real-time data volumes. |
Solution | Time per Pipeline for Classification (Messages/s) | Accuracy | F1-Score |
---|---|---|---|
Nvidia Morpheus ABP pipeline | 39,466.32 | 0.9014 | 0.0932 |
Nvidia Morpheus IDS_GAN pipeline | 1240.72 | 0.8915 | 0.091 |
Nvidia Morpheus polymorphic attacks pipeline | 73,444.72 | 0.3925 | 0.0665 |
Evaluated Elements per Epoch | Precision | Recall | F1-Score | Accuracy | Epoch | D_Loss | G_Loss |
---|---|---|---|---|---|---|---|
Fake outputs | 0.46 | 0.08 | 0.14 | 0.24 | 1000 | 0.71287 | 0.79833 |
Real outputs | 0.20 | 0.70 | 0.32 | ||||
Macro avg | 0.33 | 0.39 | 0.23 | ||||
Weighted avg | 0.39 | 0.24 | 0.18 | ||||
Fake outputs | 0.79 | 0.88 | 0.83 | 0.73 | 3000 | 0.73069 | 0.70071 |
Real outputs | 0.45 | 0.29 | 0.35 | ||||
Macro avg | 0.62 | 0.59 | 0.59 | ||||
Weighted avg | 0.70 | 0.73 | 0.71 | ||||
Fake outputs | 0.89 | 0.84 | 0.86 | 0.80 | 4000 | 0.70829 | 0.75026 |
Real outputs | 0.58 | 0.68 | 0.63 | ||||
Macro avg | 0.73 | 0.76 | 0.74 | ||||
Weighted avg | 0.81 | 0.80 | 0.80 | ||||
Fake outputs | 0.53 | 0.19 | 0.28 | 0.26 | 5000 | 0.68967 | 0.68131 |
Real outputs | 0.17 | 0.48 | 0.25 | ||||
Macro avg | 0.35 | 0.34 | 0.26 | ||||
Weighted avg | 0.44 | 0.26 | 0.27 | ||||
Fake outputs | 0.78 | 0.74 | 0.76 | 0.65 | 6000 | 0.76955 | 0.78994 |
Real outputs | 0.33 | 0.38 | 0.35 | ||||
Macro avg | 0.56 | 0.56 | 0.56 | ||||
Weighted avg | 0.67 | 0.65 | 0.66 | ||||
Fake outputs | 0.82 | 0.98 | 0.89 | 0.82 | 10,000 | 0.7978 | 0.7210 |
Real outputs | 0.83 | 0.36 | 0.51 | ||||
Macro avg | 0.83 | 0.67 | 0.70 | ||||
Weighted avg | 0.82 | 0.82 | 0.80 |
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2024 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Chiriac, B.-N.; Anton, F.-D.; Ioniță, A.-D.; Vasilică, B.-V. A Modular AI-Driven Intrusion Detection System for Network Traffic Monitoring in Industry 4.0, Using Nvidia Morpheus and Generative Adversarial Networks. Sensors 2025, 25, 130. https://doi.org/10.3390/s25010130
Chiriac B-N, Anton F-D, Ioniță A-D, Vasilică B-V. A Modular AI-Driven Intrusion Detection System for Network Traffic Monitoring in Industry 4.0, Using Nvidia Morpheus and Generative Adversarial Networks. Sensors. 2025; 25(1):130. https://doi.org/10.3390/s25010130
Chicago/Turabian StyleChiriac, Beatrice-Nicoleta, Florin-Daniel Anton, Anca-Daniela Ioniță, and Bogdan-Valentin Vasilică. 2025. "A Modular AI-Driven Intrusion Detection System for Network Traffic Monitoring in Industry 4.0, Using Nvidia Morpheus and Generative Adversarial Networks" Sensors 25, no. 1: 130. https://doi.org/10.3390/s25010130
APA StyleChiriac, B.-N., Anton, F.-D., Ioniță, A.-D., & Vasilică, B.-V. (2025). A Modular AI-Driven Intrusion Detection System for Network Traffic Monitoring in Industry 4.0, Using Nvidia Morpheus and Generative Adversarial Networks. Sensors, 25(1), 130. https://doi.org/10.3390/s25010130