Detecting MITM Attacks Using DNN in IIoT Substation Systems

DOI:

https://doi.org/10.3991/ijoe.v22i04.58781

Keywords:

Deep Neural Network, Industrial Internet of Things, Man-in-the-Middle, Intrusion Detection, Electrical Substation

Abstract


The integration of the Industrial Internet of Things (IIoT) into electrical substation systems has improved operational efficiency but has also increased their exposure to cyberattacks, particularly man-in-the-middle (MITM) attacks, in which information is altered and grid stability is affected. This paper presents a deep neural network (DNN) architecture dedicated to identifying MITM attacks in IIoT substation environments. A large dataset of normal and attack network traffic was acquired using a SCADA simulator to generate a realistic operating scenario. With 99.78% accuracy and ideal precision, recall, and F1-measures for classifying attack traffic, the proposed DNN model exhibits superior classification performance. To improve interpretability, the detection results are visualized through an ontology that converts network anomalies into actionable operational insights for operators. Contextual visualization and accurate anomaly detection work together to form a strong and valuable cybersecurity solution that safeguards critical infrastructure against sophisticated cyberattacks.

Author Biographies

Dendi Renaldo Permana, Sriwijaya University, Palembang, Indonesia

Received a B.Com. degree in the information systems program at University Riau. His career initially focused on software engineering and machine learning engineering. In 2023 he received the Magister menuju Doktor untuk Sarjana Unggul (PMDSU) scholarship to continue his master's and doctoral studies in computer science at Universitas Sriwijaya, with a research focus on cyber threat intelligence.

M. Rafie Al Hamas, Sriwijaya University, Palembang, Indonesia

Graduated with a Bachelor's degree in Computer Systems from Universitas Sriwijaya. He has a strong interest in computer networks, cybersecurity, and system administration, which is supported by various professional certifications he has obtained.

Deris Stiawan, Sriwijaya University, Palembang, Indonesia

Received his Ph.D. degree in computer engineering from Universiti Teknologi Malaysia, Malaysia. He is currently a Professor with the Faculty of Computer Science, Universitas Sriwijaya. His research interests include computer networks, intrusion detection/prevention systems, and heterogeneous networks.

Tami A. Alghamdi, Al-Baha University, Al Baha, KSA

Obtained his bachelor's and master's degrees in computer science at Western Illinois University. Tami received a Ph.D. in Computer Science at the University of Idaho in 2022. Currently, he is an assistant professor at the College of Computing and Information, Al-Baha University, Kingdom of Saudi Arabia. His research interests are machine learning, transfer learning, genetic algorithms, and data science.

Rahmat Budiarto, Al-Baha University, Al Baha, KSA

Received a Dr. Eng. in Computer Science from Nagoya Institute of Technology, Japan, in 1998. Currently, he is a full professor at the College of Computing and Information, Al-Baha University, Saudi Arabia. His research interests include intelligent systems, brain modeling, IPv6, network security, wireless sensor networks, and MANETs. He chaired the APAN Security Working Group (2006-2009), established the IPv6 research center (NAv6 Center) at Universiti Sains Malaysia (USM) in 2005, and was then appointed Deputy Director of the center (2005-2009).

Published

2026-04-10

How to Cite

Prasetya, D., Renaldo Permana, D., Al Hamas, M. R., Stiawan, D., A. Alghamdi, T., & Budiarto, R. (2026). Detecting MITM Attacks Using DNN in IIoT Substation Systems. International Journal of Online and Biomedical Engineering (iJOE), 22(04), pp. 155–170. https://doi.org/10.3991/ijoe.v22i04.58781

Section

Papers