In a paper recently published in the journal Scientific Reports, researchers demonstrated the feasibility of using a prairie dog optimization (PDO) algorithm with an intrusion detection system (IDS) model built on one-dimensional convolutional neural networks (1D-CNN) to predict distributed denial of service (DDoS) attacks in agriculture 4.0.
Background
Agriculture 4.0 primarily involves the use of new approaches and technologies to effectively address the existing issues in agriculture, including crop illnesses, chemical overuse, and climate change, to minimize risks, improve efficiency, and increase the current production levels to meet the growing global requirements for food.
Different solutions utilized in Agriculture 4.0 provide several benefits to farmers, including early detection of crop diseases, spending less time on manual labor, more accurate predicted yield estimates, and improved crop-related environmental parameter monitoring.
However, the interconnectedness of various Internet of Things (IoT) devices and sensors in these solutions significantly increases the risk of DDoS attacks as such devices can contain outdated or unpatched software/firmware, leading to distortions/disruptions in normal operations.
Importance of IDS
IDS can be used to track and eliminate potentially harmful network activities. An IDS is primarily a network monitoring device that can identify anomalous/suspicious activities and allow pre-emptive actions against potential intrusion threats.
For instance, anomaly-based IDS/behavior-based detection depends on machine learning (ML) methods and frequent activity monitoring to compare safe, known behavior patterns to any emerging suspicious behavior.
Recent studies have displayed the effectiveness of IDS arrangements using deep learning (DL) algorithms for cloud computing, internet-connected vehicles (IoVs), smart grids, cyberphysical systems, large data environments, and IoT networks.
However, overcoming several challenges, such as insufficient training data, poor data quality, training data that does not actually represent the real world, unwanted/irrelevant features, underfitting the training data, and deploying and learning the model online, is crucial for the effective implementation of IDS in agriculture.
The proposed approach
In this paper, researchers proposed an IDS model built on 1D-CNN that utilizes PDO (IDSNet-PDO) to predict potential DDoS attacks in agriculture 4.0. Researchers used the PDO to fine-tune the IDSNet training settings.
The proposed model's performance was compared across binary and multiclass classifications with the existing recurrent neural network (RNN) and long short-term memory (LSTM) models using two newly published real-world traffic datasets, the TON_IoT dataset and the CICDDoS2019 dataset, to determine the feasibility of using this model for agriculture 4.0 cybersecurity.
Researchers used the up-to-date datasets extensively used for developing intrusion detection algorithms in industrial IoT (IIoT) networks to address the existing challenges in implementing IDS in agriculture.
The proposed IDSNet model only required a single raw input, while its reduced number of layers saved time during training. In the first step, the optimization and training methods, layer count, filter amount, and filter size were fine-tuned.
Additionally, the hypersettings of the network, including batch size, epochs, learning rate, and training lot size, were tweaked. A CNN structure was then built, with the size and number of filters available in every convolutional layer determined by the number of layers in the model network.
The network layers were designed to discover and prioritize the most relevant aspects of the raw data. To this end, researchers applied a convolutional layer (convolution process) to the input data, which produced a longer vector from which a max-pooling layer (maximum clustering criterion) extracted the most relevant features.
Researchers performed the entire process four times with different numbers of kernels added to every convolutive + max-pooling set. This adjustment was made to generate feature maps that precisely display the non-linearity of signals.
The first three values of a feature map were generated in a sequence using a filter with a sliding pass of one sample and a duration of three samples on each convolutional layer. Eventually, the PDO method was utilized to fine-tune the IDSNet hyper-parameters such as momentum and learning rate.
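The following added example, which is not code from the paper or from this article, runs one flow record through four convolution + max-pooling blocks using the three-sample filter and one-sample stride described above. The pooling width, the kernel counts per block, the random untrained weights and the 64-value sample record are assumptions made for illustration; the PDO tuning of learning rate and momentum is not shown.

```python
import random

KERNEL_SIZE = 3   # from the article: filter "duration of three samples"
STRIDE = 1        # from the article: "sliding pass of one sample"
POOL_SIZE = 2     # assumption: the article does not state the pooling width
KERNELS_PER_BLOCK = [8, 16, 32, 64]  # assumption: only "different numbers" is stated


def conv1d(channels, kernels):
    """Valid 1D convolution + ReLU; one output feature map per kernel."""
    positions = range(0, len(channels[0]) - KERNEL_SIZE + 1, STRIDE)
    out = []
    for kernel in kernels:  # kernel = one weight triple per input channel
        fmap = []
        for start in positions:
            acc = sum(w * channels[c][start + k]
                      for c, weights in enumerate(kernel)
                      for k, w in enumerate(weights))
            fmap.append(max(0.0, acc))
        out.append(fmap)
    return out


def max_pool(channels):
    """Keep the largest value in each non-overlapping window."""
    return [[max(ch[i:i + POOL_SIZE])
             for i in range(0, len(ch) - POOL_SIZE + 1, POOL_SIZE)]
            for ch in channels]


def extract_features(record, seed=0):
    """Run four conv + max-pool blocks; return flat features and block shapes."""
    rng = random.Random(seed)  # untrained weights: shows data flow, not accuracy
    channels, shapes = [list(record)], []
    for n_kernels in KERNELS_PER_BLOCK:
        kernels = [[[rng.uniform(-1, 1) for _ in range(KERNEL_SIZE)]
                    for _ in channels] for _ in range(n_kernels)]
        channels = max_pool(conv1d(channels, kernels))
        shapes.append((len(channels), len(channels[0])))
    return [v for ch in channels for v in ch], shapes


# Constructed input: 64 normalised flow statistics for one record (not real data).
SAMPLE_RECORD = [((i * 37) % 64) / 63 for i in range(64)]

if __name__ == "__main__":
    features, shapes = extract_features(SAMPLE_RECORD)
    print(shapes, len(features))
```

Each block shortens the feature maps (the convolution drops two samples, the pooling halves the rest), so the input record must be long enough to survive all four blocks.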
Significance of the study
The seven-class CICDDoS2019 dataset (Dataset_7_class) was tested using the proposed IDSNet-PDO model and generic LSTM and RNN models. Different attack types were considered for comparative analysis of accuracy among the three models.
The proposed IDSNet-PDO model achieved a higher accuracy than both generic models in the DrDoS_LDAPs, TNR (BENIGN), DrDoS_NetBIOS, and DrDoS_UDPs attack types, and almost the same accuracy as the generic models in the DrDoS_MSSQL attack type.
Multi-class analysis of the TON_IoT dataset demonstrated that the detection accuracy of RNN, LSTM, and IDSNet-PDO was 93%, 94%, and 96%, respectively, in normal attacks, and 94%, 95%, and 98%, respectively, in DDoS attacks.
In the different classes of the CICDDoS2019 dataset (Dataset_13_class), all three models demonstrated 100% accuracy in TNR (BENIGN) attacks. The proposed model displayed a higher accuracy than the generic models in the DrDoS_NTP, DrDoS_MSSQL, and Syns attack types. All models demonstrated similar accuracy in the DrDoS_LDAP and DrDoS_SNMP attack types.
In the Dataset_2_class generated from the CICDDoS2019 dataset, the proposed IDSNet-PDO showed a higher accuracy than generic models in TNR (BENIGN) attacks, while all models achieved 100% accuracy in the attack type.
The comparative analysis of the proposed technique with the existing techniques in the literature demonstrated that the IDSNet-PDO models possessed the highest accuracy, recall, F-score, and precision compared to all models, including support vector machine (SVM), random forest (RF), decision tree (DT), LSTM, auto-encoder, RNN, and 1D-CNN, due to the use of PDO for the selection of optimal features.
Journal reference:
- Vatambeti, R., Venkatesh, D., Mamidisetti, G., Damera, V. K., Manohar, M., Yadav, N. S. (2023). Prediction of DDoS attacks in agriculture 4.0 with the help of prairie dog optimization algorithm with IDSNet. Scientific Reports, 13(1), 1-13. https://doi.org/10.1038/s41598-023-42678-x, https://www.nature.com/articles/s41598-023-42678-x