Interpretable Cyber Threat Detection for Enterprise Industrial Networks: A Computational Design Science Approach

TL;DR

This paper presents a novel, interpretable two-stage cyber threat detection system for enterprise industrial networks, combining synthetic data generation and advanced neural network techniques to improve detection accuracy and interpretability.

Contribution

The study introduces a new two-stage threat detection framework that integrates synthetic data generation with a bidirectional GRU and attention mechanism, enhancing interpretability and adaptability.

Findings

High precision in threat detection demonstrated on public datasets

Effective use of Shapley explanations for interpretability

Framework offers practical cybersecurity solutions

Abstract

Enterprise industrial networks face threats that risk data and operations. However, designing efficient threat detection system is challenging due to data scarcity, especially where privacy is a concern. The complexity of enterprise industrial network data adds to this challenge, causing high false positives and interpretation issues. Towards this, we use IS computational design science paradigm to develop a two-stage cyber threat detection system for enterprise-level IS that are both secure and capable of adapting to evolving technological and business environments. The first stage generates synthetic industrial network data using a modified generative adversarial network. The second stage develops a novel bidirectional gated recurrent unit and a modified attention mechanism for effective threat detection. We also use shapley additive explanations and a decision tree technique for enhancing interpretability. Our analysis on two public datasets shows the frameworks high precision in threat detection and offers practical cybersecurity solutions and methodological advancements.