A Comparative Study of AI-based Intrusion Detection Techniques in Critical Infrastructures

TL;DR

This paper compares AI-based intrusion detection systems for critical infrastructure sensors, analyzing machine learning, deep learning, and reinforcement learning methods, and evaluates their effectiveness using real attack data.

Contribution

It provides an in-depth comparative analysis of various AI-driven IDS techniques, including novel reinforcement learning approaches, for critical infrastructure security.

Findings

Q-IDS achieves 100% detection rate

SARSA-IDS and TD-IDS perform at around 99.5%

Reinforcement learning methods are highly effective for intrusion detection

Abstract

Volunteer computing uses Internet-connected devices (laptops, PCs, smart devices, etc.), in which their owners volunteer them as storage and computing power resources, has become an essential mechanism for resource management in numerous applications. The growth of the volume and variety of data traffic in the Internet leads to concerns on the robustness of cyberphysical systems especially for critical infrastructures. Therefore, the implementation of an efficient Intrusion Detection System for gathering such sensory data has gained vital importance. In this paper, we present a comparative study of Artificial Intelligence (AI)-driven intrusion detection systems for wirelessly connected sensors that track crucial applications. Specifically, we present an in-depth analysis of the use of machine learning, deep learning and reinforcement learning solutions to recognize intrusive behavior in the collected traffic. We evaluate the proposed mechanisms by using KD'99 as real attack data-set in our simulations. Results present the performance metrics for three different IDSs namely the Adaptively Supervised and Clustered Hybrid IDS (ASCH-IDS), Restricted Boltzmann Machine-based Clustered IDS (RBC-IDS) and Q-learning based IDS (QL-IDS) to detect malicious behaviors. We also present the performance of different reinforcement learning techniques such as State-Action-Reward-State-Action Learning (SARSA) and the Temporal Difference learning (TD). Through simulations, we show that QL-IDS performs with 100% detection rate while SARSA-IDS and TD-IDS perform at the order of 99.5%.