Efficient behaviour specification and bidirectional gated recurrent units‐based intrusion detection method for industrial control systems

Intrusion detection is a prevailing area of research for several years, and numerous intrusion detection systems have been proposed for industrial control systems (ICS). In recent ages, the attacks like seismic net , duqu and flame against ICS infrastructures have instigated great harm to nuclear infrastructures and precarious facilities in several nations. The authors outline an approach to detect intrusions/anomalies in ICS. A method is presented to detect intrusions in real‐time and automatically. The existing techniques are normally designed for open systems and protocols, that lacks adequate generalisation and resistance to acclimate to other networks, and they have either short detection rate or tall rate of false positive. This Letter presents a network packet contents behaviour and bidirectional Gated Recurrent Units‐based method to detect intrusions in a timely and efficient manner. The method has proven a robust method of classifying intrusions/anomalies in a proficient way. Through extensive evaluation on an actual huge scale dataset spawned from SCADA‐based gas pipeline network, the proposed method shows significant performance enhancement and outclasses the standard state‐of‐the‐art methods with 98.68% rate of accuracy. Moreover, it is also able to detect zero‐day (unseen) attacks.