Detecting MITM Attacks Using DNN in IIoT Substation Systems
DOI:
https://doi.org/10.3991/ijoe.v22i04.58781
Keywords:
Deep Neural Network, Industrial Internet of Things, Man-in-the-Middle, Intrusion Detection, Electrical Substation
Abstract
The integration of the Industrial Internet of Things (IIoT) in electrical substation systems has improved operational efficiency but increased their exposure to cyberattacks, particularly man-in-the-middle (MITM) attacks, in which information is altered and grid stability is affected. This paper presents a deep neural network (DNN) structure dedicated to identifying MITM attacks in IIoT substation environments. A large dataset of normal and attack network traffic was acquired using a SCADA simulator to generate a realistic operating scenario. With 99.78% accuracy and ideal precision, recall, and F1-measures in classifying attack traffic, the proposed DNN model exhibits superior classification performance. To improve interpretability, the detection results are visualized through an ontology that converts network anomalies into actionable operational insights for operators. Contextual visualization and correct anomaly detection work together to form a strong and valuable cybersecurity solution that safeguards critical infrastructure against sophisticated cyberattacks.
License
Copyright (c) 2026 Dwi Prasetya, Dendi Renaldo Permana, M. Rafie Al Hamas, Deris Stiawan, Tami A. Alghamdi, Rahmat Budiarto

This work is licensed under a Creative Commons Attribution 4.0 International License.

