Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Blockchain and Deep Learning-Based IDS for Securing SDN-Enabled Industrial IoT Environments

Samira Kamali Poorazad, Chafika Benzaıd, Tarik Taleb

TL;DR

This work tackles security in SDN-enabled IIoT by coupling a CNN-based IDS deployed as an SDN application with a blockchain-based security layer to defend against network-layer flow-rule injections and application-layer command injections. The proposed two-component framework enables cross-layer threat detection and integrity verification, reducing the impact of MITM and related attacks across both control and data planes. Empirical evaluation on a natural gas pipeline-inspired dataset shows high classification performance, with binary and multi-class accuracies generally in the mid-to-high 90s and CNN outperforming conventional baselines. The approach offers a practical path toward more secure, scalable IIoT deployments leveraging SDN programmability and decentralized ledger technology, with future work focusing on data balancing and multi-controller architectures.

Abstract

The industrial Internet of Things (IIoT) involves the integration of Internet of Things (IoT) technologies into industrial settings. However, given the high sensitivity of the industry to the security of industrial control system networks and IIoT, the use of software-defined networking (SDN) technology can provide improved security and automation of communication processes. Despite this, the architecture of SDN can give rise to various security threats. Therefore, it is of paramount importance to consider the impact of these threats on SDN-based IIoT environments. Unlike previous research, which focused on security in IIoT and SDN architectures separately, we propose an integrated method including two components that work together seamlessly for better detecting and preventing security threats associated with SDN-based IIoT architectures. The two components consist in a convolutional neural network-based Intrusion Detection System (IDS) implemented as an SDN application and a Blockchain-based system (BS) to empower application layer and network layer security, respectively. A significant advantage of the proposed method lies in jointly minimizing the impact of attacks such as command injection and rule injection on SDN-based IIoT architecture layers. The proposed IDS exhibits superior classification accuracy in both binary and multiclass categories.

Blockchain and Deep Learning-Based IDS for Securing SDN-Enabled Industrial IoT Environments

TL;DR

This work tackles security in SDN-enabled IIoT by coupling a CNN-based IDS deployed as an SDN application with a blockchain-based security layer to defend against network-layer flow-rule injections and application-layer command injections. The proposed two-component framework enables cross-layer threat detection and integrity verification, reducing the impact of MITM and related attacks across both control and data planes. Empirical evaluation on a natural gas pipeline-inspired dataset shows high classification performance, with binary and multi-class accuracies generally in the mid-to-high 90s and CNN outperforming conventional baselines. The approach offers a practical path toward more secure, scalable IIoT deployments leveraging SDN programmability and decentralized ledger technology, with future work focusing on data balancing and multi-controller architectures.

Abstract

The industrial Internet of Things (IIoT) involves the integration of Internet of Things (IoT) technologies into industrial settings. However, given the high sensitivity of the industry to the security of industrial control system networks and IIoT, the use of software-defined networking (SDN) technology can provide improved security and automation of communication processes. Despite this, the architecture of SDN can give rise to various security threats. Therefore, it is of paramount importance to consider the impact of these threats on SDN-based IIoT environments. Unlike previous research, which focused on security in IIoT and SDN architectures separately, we propose an integrated method including two components that work together seamlessly for better detecting and preventing security threats associated with SDN-based IIoT architectures. The two components consist in a convolutional neural network-based Intrusion Detection System (IDS) implemented as an SDN application and a Blockchain-based system (BS) to empower application layer and network layer security, respectively. A significant advantage of the proposed method lies in jointly minimizing the impact of attacks such as command injection and rule injection on SDN-based IIoT architecture layers. The proposed IDS exhibits superior classification accuracy in both binary and multiclass categories.
Paper Structure (16 sections, 5 figures, 5 tables)

This paper contains 16 sections, 5 figures, 5 tables.

Table of Contents

  1. Introduction
  2. Related Work
  3. IoT/IIoT Security and IDS-based Solutions
  4. SDN-based IoT/IIoT Security
  5. SDN Security and Blockchain-based Solutions
  6. Methodology
  7. System Model
  8. Attack Model
  9. Method Suggested
  10. Implementation
  11. System 1 Operation in Implementation
  12. System 2 Operation in Implementation
  13. Evaluation
  14. IDS Evaluation Before Calling in Ryu
  15. IDS Evaluation in the Form of an SDN Application
  16. ...and 1 more sections

Figures (5)

  • Figure 1: Layered architecture of SDN-based IIoT networks.
  • Figure 2: Attack model.
  • Figure 3: Flow chart of the proposed method.
  • Figure 4: Model's accuracy and loss at every epoch in binary-class classification.
  • Figure 5: Model's accuracy and loss at every epoch in multi-class classification.