
Artificial Intelligence Review (2021) 54:3849–3886

https://doi.org/10.1007/s10462-020-09942-2

Artificial intelligence, cyber‑threats and Industry 4.0: challenges and opportunities

Adrien Bécue1 · Isabel Praça2 · João Gama3

Published online: 4 February 2021


© The Author(s), under exclusive licence to Springer Nature B.V. part of Springer Nature 2021

Abstract
This survey paper discusses opportunities and threats of using artificial intelligence (AI) technology in the manufacturing sector with consideration for offensive and defensive uses of such technology. It starts with an introduction of the Industry 4.0 concept and an understanding of AI use in this context. It then provides elements of security principles and detection techniques applied to operational technology (OT), which forms the main attack surface of manufacturing systems. As some intrusion detection systems (IDS) already involve some AI-based techniques, we focus on existing machine-learning and data-mining based techniques in use for intrusion detection. This article presents the major strengths and weaknesses of the main techniques in use. We also discuss an assessment of their relevance for application to OT, from the manufacturer point of view. Another part of the paper introduces the essential drivers and principles of Industry 4.0, providing insights on the advent of AI in manufacturing systems as well as an understanding of the new set of challenges it implies. AI-based techniques for production monitoring, optimisation and control are proposed with insights on several application cases. The related technical, operational and security challenges are discussed and an understanding of the impact of such transition on current security practices is then provided in more detail. The final part of the report further develops a vision of security challenges for Industry 4.0. It addresses aspects of orchestration of distributed detection techniques, introduces an approach to adversarial/robust AI development and concludes with human–machine behaviour monitoring requirements.

Keywords Intrusion detection systems · Security · Industry 4.0 · Artificial intelligence

* Adrien Bécue · Isabel Praça · João Gama

1 Airbus Cybersecurity, Élancourt, France
2 ISEP/GECAD, Porto, Portugal
3 INESC TEC, Porto, Portugal


Abbreviations
AD Anomaly detection
AI Artificial intelligence
ANN Artificial neural networks
APT Advanced persistent threat
CMfg Cloud manufacturing
CERT Computer emergency response team
CPS Cyber-physical system
DM Data mining
DR Detection rate
DOS Denial of service
DDoS Distributed denial of service
EDR Endpoint detection and response
FAR False alarm rate
FoF Factory of the future
GA Genetic algorithm
HIDS Host-based intrusion detection system
HMM Hidden Markov models
I4.0 Industry 4.0
ICS Industrial Control System
IDS Intrusion Detection System
IoT Internet of Things
IIoT Industrial Internet of Things
KDD Knowledge discovery in data bases
M2M Machine to machine communication
MAC Media access control
MD Misuse detection
ML Machine learning
NIDS Network intrusion detection system
OT Operational technology
P-BEST Production based expert system toolset
PCAP Application programming interface (API)
R2L Remote to local (attack)
SIEM Security incident and event management
SIS Safety instrumented systems
R&T Research and technology
STAT State transition analysis technique
SVM Support vector machines
U2R User to remote (attack)

1 Introduction

The recent cyber attacks on Renault (Eisenstein 2017), Saint-Gobain (2017), Rosneft and Merck (Offshore Engineering 2017), among others, have spotlighted cyber-security-related threats towards industry, and their unexpected financial and business impacts. In May 2017 one day of production shut-down in Renault factories cost several million euros to the group (Eisenstein 2017). Unlike risks affecting regular Information Technology (IT) systems, attacks targeting operational technology (OT), which supports industrial processes, can cause physical damage and casualties (Lightman et al. 2015). When it comes to the manufacturing sector, business impacts add up to safety risks and confidentiality loss (Lightman et al. 2015). The damage can only grow bigger with ultra-digitized plants as envisaged in the vision of Industry 4.0, a concept originally defined by an eponymous German governmental project as: “fostering strong customization of products under the conditions of highly flexible production, introduction of methods of self-optimization, self-configuration, self-diagnosis, cognition and intelligent support of workers in their increasingly complex work.” (European commission 2017). The term as accepted today embraces more broadly the technological, organizational, economical and societal changes driven by enhanced digitization of manufacturing industry.
The role of artificial intelligence (AI) (Russell and Norvig 2009) is undoubtedly central in the factory of the future (FoF) as promoted by the Industry 4.0 vision and reflected in the Strategic Multi-Annual Roadmap for Factories of The Future (Factories of the Future PPP 2020), in particular because the FoF is highly connected and thus generates tremendous amounts of exploitable data which AI techniques suitably ingest. Machine learning (ML) in particular is heavily involved in autonomous and collaborative robotics which will populate the shop floor of the FoF (Factories of the Future PPP 2020). The definition of ML is commonly attributed to Samuel (1959) as “field of study that gives computers the ability to learn without being explicitly programmed”. Machine learning algorithms construct decision models by generalizing from training data. The literature identifies a few learning modes. In supervised ML techniques (Russell and Norvig 2009), the training data set will be completely labeled based on expert knowledge and the algorithm will find a function or model that explains the data. Unsupervised approaches (Hinton and Sejnowski 1999) consist in finding patterns, structures, or knowledge in unlabeled data. Semi-supervised approaches consist in labeling a portion of the data based on expert knowledge during the acquisition phase. Data mining (DM) (Robert and Trevor 2009) is the specific step in the knowledge discovery in databases (KDD) process where a specific algorithm is used to extract patterns from data. To distinguish, ML focuses on classification and prediction based on known properties previously learned from training data and needs a predefined goal. DM focuses on the discovery of previously unknown properties in the data. It does not need a specific initial goal. This article however accepts there is a significant overlap between them and uses those terms interchangeably under the label ML/DM methods.
In the context of this article, the role of AI can be considered from various perspectives: a strong optimization trigger from the point of view of the manufacturer (Cohen 1989), a new attack vector or an additional toolkit item for the cyber-offender (Szychter et al. 2018), a new point of vulnerability or a new asset for detection from the point of view of the cyber-defender (Yampolskiy and Spellchecker 2016). DM techniques support fault prediction and advanced process control applications. ML is involved in existing OT intrusion detection systems (OT IDS) and will most likely also support the next generation of attack toolkits. In this report we will provide insights on AI both as a new industrial asset and as a decisive advantage in the confrontation between cyber-offenders and cyber-defenders. Section 2 provides an outlook on the Industry 4.0 concept and the specific role of AI in this context. In Sect. 3 we introduce state of the art OT security tools and techniques. In Sect. 4 we examine the challenges related to AI in Industry 4.0. Finally, Sect. 5 presents our conclusions.


2 Novelty of Industry 4.0 and involvement of AI in manufacturing

Industry 4.0 transformation relies on a set of key technologies which apply throughout the industrial value chain from the physical shop floor level up to virtual and informational levels. Additive manufacturing techniques provide enhanced production flexibility and the ability to manufacture highly customized goods (Moon et al. 2018). Autonomous and collaborative robotics enhance the ability of machines to make their own decisions or learn from human operators without prior specific programming (Zaataria et al. 2019). Industrial internet of things (IIoT) empowers shop floor devices, machines and sensors, enabling continuous data collection and dynamic reconfiguration (Laura et al. 2019). Big data analytics support the processing of those massive heterogeneous data and analysis for improved production monitoring, optimization and control (Lu and Xu 2019). Real-time decision making based on the huge amounts of data coming from IIoT needs suitable hardware that provides large storage and high performance computing. In memory-centric architectures the most important or most recent data resides both in-memory and on-disk to increase performance, while low demand or low value data resides only on disk (Grapentin et al. 2017). With this strategy memory-centric architectures are able to provide high performance on low cost infrastructures. The open source technology Apache Spark (Zaharia et al. 2016) is one of the most popular available today, providing fault-tolerant computation, and support for data processing and analytics, including machine learning and stream processing. Cloud Manufacturing techniques support dynamic deployment of data services throughout the supply chain at minimal marginal cost and optimal allocation of resources (Xu 2012). Augmented and virtual reality technologies provide intuitive, immersive and enriched interfaces for enhanced human machine interaction and situational awareness (Choi et al. 2015). In this section we will focus on a particular aspect of the transformation which is the advent of artificial intelligence into the FoF. We will identify new use-cases which AI enables and evaluate the impact on security considerations for future industry.

2.1 The advent of AI in industrial automation

Industrial AI can be broadly defined as any application of AI relating to the physical operations or systems of an enterprise. Industrial AI is focused on helping an enterprise monitor, optimize or control the behavior of these operations and systems to improve their efficiency and performance (Lee et al. 2018). Industrial AI includes, for example, applications relating to the manufacturing of physical products, to supply chains and warehouses where physical items are stored and moved, to the operation of building HVAC systems (Culp et al. 1990), and to shop floor asset management and maintenance. A framework for thinking about different types of industrial AI scenarios is helpful in identifying the areas of a business in which to apply it. We can categorize industrial AI applications as monitoring (Li et al. 2017), optimization (Xue et al. 2001), or control (Wang 2019) based on the degree of automation that they seek to provide. In this section, we explore these categories and present representative use cases for each. The list of use cases provided herein is not intended to be exhaustive; rather they are presented to illustrate a few of the many opportunities available to apply industrial AI.


2.2 AI‑based process monitoring

In industrial scenarios, there is a continual need to monitor the performance of systems and processes to identify or predict faults or other situations likely to produce undesirable results (Ji and Wang 2017). Using machine learning, models can be trained on available data to learn the internal, opaque state of complex systems. These models can then be queried to predict those systems' future state, given a set of input data. The following are examples of monitoring applications that benefit from an AI-based approach.
Quality control: a common manufacturing use case for AI is for machines to visually inspect items on a production line. Using AI allows quality control to be automated, and ensures that all final product is inspected, allowing fewer defects to reach customers compared to the traditional statistical sampling method (Park et al. 2019). In addition to ensuring that products are free of imperfections, AI-based visual inspection systems can validate many product attributes including geometry and tolerances, surface finish, product classification, packaging, color and texture.
Fault detection and isolation: in regulated manufacturing environments, ensuring process compliance can be expensive and time consuming. In many such scenarios, lives are at stake—as can be the case in the food, chemical and energy industries. By monitoring a variety of system operational factors, AI can be used in the detection, prediction and diagnosis of undesirable operating conditions in industrial systems (Fuente and Saludes 2000). By accelerating or replacing unreliable and time-consuming human analysis, automated process surveillance helps prevent or minimize system downtime and the persistence of hazardous conditions.
Predictive maintenance: a rapidly growing subset of fault detection and isolation, focused on predicting the failure of deployed systems before they result in downtime. Aircraft engines provide an often cited example (Thapar 2019): GE’s GEnx engine is embedded with 5000 sensors producing 5–10 TB of performance, health and efficiency data each day of flight. This data allows GE systems to predict failures before they happen and proactively schedule repairs and order replacement parts. In general, AI use for predictive maintenance is very widespread in the aviation domain (Korvesis 2017).
Inventory monitoring: AI powers a wide variety of inventory management and supply chain use cases, allowing enterprises to avoid costly stock-outs. Hardware retailer Lowe’s presented the LoweBot (Lowe’s Company Incorporated 2016), an autonomous mobile robot operating in stores in the San Francisco Bay Area. In addition to its customer service tasks, the LoweBot uses an on-board computer vision system to detect misplaced and out-of-stock inventory on store shelves. Similar systems are being deployed in warehouses, with several startups experimenting with drone-based approaches.
Supply chain risk management: effective management of a complex, global supply chain demands the ability to identify and mitigate potential disruptions before they cause delays or shortages (Baryannis et al. 2018). AI can be used to predict supply disturbances before they happen, providing early warning for enterprise supply chains based on potential disruptors sourced from global news, event and weather feeds.

2.3 AI‑based process optimization

AI-based planning and decision support systems go a step beyond monitoring and allow users to determine a path, or plan, for getting to a desired system state in a way that optimizes a target set of business metrics. Note that in classical academic artificial intelligence circles, “planning” refers to a specific category of problem, often formulated with unrealistic constraints, such as offline agents operating in static, deterministic environments. Here we use the term in the broader business sense. Optimization activities that can benefit from the application of ML & AI include the following.
Process planning (Xue et al. 2001): many industrial scenarios involve complex sequences of work whose ordering can significantly impact factors such as cost, time, quality, labor input, materials input, tool life and waste. A simple and well-studied example is the sequence of operations required to create a machined part or die using computer numeric control (CNC) machines (Gacek 2012). A given part is made up of a sequence of operations such as cuts. Each cut is made using a specific tool, of which there are many, but only a few can be loaded on the machine at the same time. A variety of different optimization problems arise from this scenario, including set-up planning, operation selection and sequencing, machine and tool selection, and tool path sequencing. Each of these has been solved with a variety of machine learning techniques including genetic algorithms and neural networks.
Job shop scheduling: a specific type of process planning problem, which models the allocation of jobs of varying processing times to a set of machines with varying processing power. Job shop scheduling provides a well-studied, if idealized, model for many common industrial scenarios (Çaliş and Bulkan 2013). Many different types of problems can be modeled using the general job shop scheduling approach and AI, including the famous “traveling salesperson problem,” which seeks to optimize the routing of a salesperson traveling to a list of cities given the distances between each city pair. These problems have been historically solved using operations research methods such as combinatorial optimization, but lend themselves to learning approaches that can more easily adapt to changes in their environment.
Yield management: in manufacturing, the yield of a given process can mean the difference between profitable and unprofitable products (Shin and Park 2010). For example, in semiconductor manufacturing, in the face of increasingly complex manufacturing processes, with many hundreds of process parameters coming into play in the production of a single wafer, traditional techniques for estimating and optimizing yields have become untenable. Machine learning allows manufacturers to fully utilize available data to continually improve process quality and increase yields.
Anticipatory logistics and supply chain management: supply chain management is traditionally a two-step process. First, statistical tools are used to produce a demand forecast. The forecast is then used as input to an optimization process that evaluates the cost of stock-outs against the delivery times, holding costs and other factors associated with the supply chain. Supply chain managers can then use tools to produce a plan for what to order and when. Using machine learning (Makkar et al. 2020), it is now possible to implement a single-step process that learns the relationship between all available input data, including traditional supply chain data such as inventory levels, product orders, and competitive data, as well as external data like weather, social media signals and more, to produce better operational performance.
Product design: as digital and physical products grow in complexity, AI can be applied to accelerate the design process and facilitate product engineering and manufacture. With generative design, designers can specify a product by its constraints, and allow a machine learning algorithm to produce design alternatives that optimize qualities such as weight or performance. Airbus and Autodesk have used this process to create an airplane cabin partition whose design mimics cellular and skeletal structure and is 45% lighter and stronger than current designs (Autodesk 2015). Machine learning can also be used to supplement the intuition of product designers to ensure that designed products are actually manufacturable (Balu et al. 2016), and can be used in conjunction with product testing data to identify product deficiencies and suggest alternative designs.
Facilities location: machine learning systems can be used to direct the placement of a wide variety of physical facilities within an environment. At the microscopic level, this includes the placement of circuits and components within a semiconductor such as an FPGA (Grewal et al. 2017), but it also includes the placement of roads and power substations within residential areas, the location of conference rooms and other facilities within an office building (Phelan 2016), and the positioning of wireless and other sensors within a factory.

2.4 AI‑based process control

Control systems ultimately form the heart of any modern industrial operation, and are
required by organizations that seek to reap the full benefits of automation. Within the realm
of control, there are many examples of applications that benefit from artificial intelligence
and machine learning. These include:

– Robotics: robots are used in a wide variety of industrial scenarios, for diverse applications such as pick and place, sorting, assembly, painting, welding, storage and retrieval. Machine tending, in which robots load or operate other machines such as CNC, is another popular application. Traditionally, robots are explicitly programmed by directing them to move through a series of points in two or three dimensional space and perform specific actions at these points. Newer approaches, such as collaborative robots (“co-robots”) (Zaataria et al. 2019), simplify programming by allowing these points to be captured by physically positioning the robot. The problem with both approaches is that, independent of how the points are captured, the robot is intolerant to changes in the environment or variations in the position of the items it is manipulating. AI, coupled with computer vision technologies, allows robots to avoid potential interference by humans or other robots and to accommodate randomly positioned or mispositioned items without operator intervention.
– Autonomous vehicles: autonomous mobile robots are deployed in large numbers in warehouses and factories, to support material transport and pick-and-pack applications (Bechtsis et al. 2018). In addition, autonomous robots and flying drones are being put into service to support inventory management applications in warehouses. Artificial intelligence coupled with computer vision techniques allows autonomous robots to complete these tasks more effectively, to better understand, map and navigate their environments, and to be used more safely around humans.
– Factory automation: Industry 4.0, smart factories, and lights-out manufacturing all refer to a vision of the plant or warehouse that is data-driven, intelligent and highly automated. This vision relies heavily on robots (Zaataria et al. 2019) and autonomous vehicles (Bechtsis et al. 2018) to move materials and assemble goods, on AI-based computer vision to detect faults and defects (Czimmermann et al. 2020), and on smart systems to coordinate and optimize the flow of work around the factory.
– HVAC automation: in addition to being costly to operate, HVAC systems are often poorly behaved, noisy, and unpredictable under real-world circumstances (Donlon et al. 2016). This is especially true as equipment ages and older equipment is replaced, sometimes with units that are mismatched or out of spec with the original system design. In these situations, control strategies derived by HVAC engineers assuming ideal conditions fail to operate in an optimal manner. Machine learning can help building owners maximize comfort, reduce energy costs, eliminate system faults, and extend the life of HVAC equipment. Google has successfully used an AI system based on neural networks to control about 120 data center variables, such as fans, cooling systems, and windows, resulting in a 40% cut in electricity used for cooling and a 15% reduction in overall data center power consumption (Gau and Evans 2016).
– Smart grids: smart grids enhance traditional power distribution systems with data and connectivity to and from devices like smart meters, storage and charging systems, and distributed generation infrastructure (Santofimia-Romero et al. 2011). AI allows the smart grid to predict demand and faults in the power network, and promptly respond to changing conditions, improving power quality and consistency.

Monitoring, Optimization and Control as an AI Maturity Model

Monitoring, optimization and control are related in that each successive degree of automation depends on, or assumes, the previous. In addition, each requires increasing degrees of trust on the part of the user. As a result, these three often form a progression, or maturity model, with companies first deploying monitoring systems to help them understand the current state of their operations and predict faults; then, as trust grows, they employ AI-based planning and decision support systems to tell them what to do given a current state of the world; finally, and with the requisite controls in place, they allow AI-based control systems to automatically take the actions needed to achieve a desired end-state through robotics or other technologies.

3 State of the art OT security tools and techniques

In this section we will give an overview on some existing security tools and techniques
applying to industrial environments.

3.1 Fundamentals of OT security

3.1.1 Background OT Security principles

A characteristic of most existing manufacturing systems is that they mix assets of very different life cycles. Typically the hard machinery could be running for 30 years in a very steady, frozen configuration while newer assets, freshly deployed, operate in a highly dynamic and connected mode (Stouffer et al. 2015). Industrial control systems (ICS) compose the neural system of a factory, connecting sensors and sensing, connecting actuators and actuating this digital manufacturing body. Risk analyses on manufacturing ICS usually reveal several documented or non-documented permanent or intermittent connections to the Internet (ANSSI ICS Working Group 2014). De facto, the Industry 3.0 factory is already connected, most often against the good practices of network segregation which should apply. As ICS technology was not initially designed to operate in a connected environment, the protocols in use tend to be natively very vulnerable (Stouffer et al. 2015). Most often, neither authentication nor encryption is implemented. Industrial processes require time-critical communication which does not easily support the processing overhead of traditional encryption standards (Stouffer et al. 2015). The first (although obsolete) principle for ICS security is thus physical protection of key assets from unauthorized access. For traditional manufacturing shop floors, the security level of critical ICS is just as good as that of the physical access control and related building management system (BMS), which in many cases is highly vulnerable (Granzer et al. 2010).


Network segregation and filtering technology such as firewalls and security gateways also have to adapt to the specific constraints of OT environments with so-called fail-open mechanisms designed to prioritize availability against confidentiality whenever those requirements collide (Knowles et al. 2015). This focus on availability explains why current ICS have very high safety requirements and a mature management of related risks. They would normally implement strict architecture standards such as the Purdue Enterprise Reference Architecture (PERA) (Williams 1994) model, which prevent contamination of the low level shop floor automation typically supporting safety-critical processes through higher level enterprise IT dedicated to resource planning and logistics. The PERA model still stands as a reference for good practices in ICS security architecture, although the late developments of internet-born technology such as Industrial IoT (IIoT) and the trend towards cloud-based industrial applications known as Cloud Manufacturing (CMfg) tend to shuffle the rules and fundamentals of this architectural approach. Novel reference architectures have been proposed by the Industrial IoT Consortium (IIC) (Lin et al. 2019) and the Industrial Data Space Consortium (Otto et al. 2019). It is acknowledged that the Reference Architecture Model for Industry 4.0 (RAMI) (Deutsches Institut für Normung eV 2016) includes limited considerations for security (System architectures 2019).
Most critical OT systems typically implement Safety Instrumented Systems (SIS), which are engineered to perform “specific control functions” to fail-safe or maintain safe operation of a process when unacceptable or dangerous conditions occur (Śliwiński et al. 2018). They are composed of sensors, logic solvers, actuators and other control equipment. They are unlikely to detect cyber-threats but would surely raise alerts whenever such a threat started to cause physical damage. This, of course, only works if the threat does not successfully compromise the SIS itself. For this reason SIS are designed to be independent from all other control systems such as Basic Process Control Systems (BPCS) or Supervisory Control And Data Acquisition systems (SCADA). Still, SIS themselves rely on certain elements of software which may need to be patched and updated to remain in secure condition over time. Hence the need for adapted and quite expensive procedures to deploy software updates in factories and an extreme caution regarding potential needs of system re-qualification for safety (Malatras et al. 2019). In summary, even the most sensitive parts of a manufacturing system may not live in total and permanent isolation.

3.1.2 Role and characteristics of state of the art OT IDS

The above conditions strongly reinforce the need for adapted intrusion detection systems (IDS) to detect known and new attacks. IDS will as much as possible operate in a passive way to prevent impact on industrial processes. Most state of the art OT IDS technologies operate at network level and are known as Network IDS (NIDS) (Malatras et al. 2019). For certain types of attacks, typically involving insiders or physical access to industrial assets, a complementary detection capability operating on the end-point might be needed. Endpoint Detection and Response (EDR) agents (Tedeschi et al. 2019) are resident software monitoring system processes and user behavior against established security policies. Host intrusion detection systems (HIDS) might be resident or deployed in a more stealthy way to collect evidence of attacks or perform detection routines (Malatras et al. 2019). In the current state of the art, both technologies have a noticeable impact on the power and processing speed of the host, which may collide with OT requirements.
IDS can typically use two types of detection approaches known as misuse detection (MD) and anomaly detection (AD) (Buczak and Guven 2016). Misuse detection is understood as signature-based techniques designed to detect known attacks. A signature is a pattern that corresponds to a known threat. Signature-based detection is the process of comparing signatures against observed events to identify possible incidents. Misuse detection techniques would typically generate low false-alarm rates but will fail to identify new threats (Buczak and Guven 2016). A comparison of several MD techniques applied in OT IDS is provided in Sect. 3.3. Anomaly detection is the process of comparing definitions of what activity is considered normal against observed events to identify significant deviations. Anomaly detection techniques rely on modeling the normal network and system behavior, and identifying anomalies as deviations from normal behavior (Buczak and Guven 2016). They would likely generate higher false alarm rates but could effectively detect new (0-day) attacks. A comparison of several state of the art AD techniques is provided in Sect. 3.4. It is important to highlight that MD and AD have complementary strengths and weaknesses which can be combined to benefit from the advantages of both. Combined approaches are known as hybrid detection (HD) techniques (Buczak and Guven 2016).
Both MD and AD approaches can rely on a variable mix of expert knowledge and artifi-
cial intelligence (AI). Security professionals tend to be cautious with AI-based techniques
such as machine learning (ML), in particular if non-supervised ML is used (Śliwiński et al.
2018). When it comes to OT environments, where system availability is of paramount
importance, a particular care for the avoidance of false positives (FP) applies. While AI-based
techniques most likely scale up faster than expert rule-based techniques, they also tend to
provide less explicable results (Adadi and Berrada 2018). Also, the rules applied to detect
malicious attempts on ICS strongly differ from those applied to regular IT systems. While
attacks on IT usually proceed through unauthorized payloads and/or illegitimate traffic, which
are easily detectable, attacks on ICS would potentially run authorized software and normal
traffic, just altering process times or parameters to cause dysfunction of the industrial
process (Humayed et al. 2017). For example, filling a tank at time t and heating it at time
t + 1 are two normal control command orders, but inverting the sequence causes an explosion.
Legacy OT systems do not generate tremendous amounts of heterogeneous data that would require
highly automated and scalable detection techniques. They are rather predictable in their
behavior (Sun et al. 2016), and thus would effectively be monitored with expert rule-based
anomaly detection techniques. The rules are highly specific to the considered manufacturing
process, which raises the skills needed by both attackers and defenders. While caution is used
with regard to unsupervised machine learning for the aforementioned reasons, there is still a
very high potential for the application of ML-based anomaly detection because of the
predictable nature of legacy ICS behavior. Therefore, many OT IDS products use hybrid
techniques (MD & AD) and semi-supervised ML approaches.
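
The tank example above, as an added illustration that is not code from the paper: a signature check judges each command on its own and passes the inverted sequence, while an expert rule that tracks process state flags it, and the two are combined as a hybrid detector. Command names, the signature, the rules and the traces are constructed for this example.

```python
from dataclasses import dataclass, field

# Constructed signature base: command -> reason. Stands in for misuse detection.
SIGNATURES = {"CONTROLLER_STOP": "matches known-attack signature"}

# Constructed traces of (time step, command) for one tank.
NORMAL_TRACE = [(0, "FILL"), (1, "HEAT_ON"), (2, "HEAT_OFF"), (3, "DRAIN")]
INVERTED_TRACE = [(0, "HEAT_ON"), (1, "FILL"), (2, "HEAT_OFF"), (3, "DRAIN")]
KNOWN_BAD_TRACE = [(0, "FILL"), (1, "CONTROLLER_STOP"), (2, "HEAT_ON"),
                   (3, "HEAT_OFF"), (4, "DRAIN")]


def misuse_alerts(trace):
    """Misuse detection: each command is compared with the signature base."""
    return [(t, cmd, SIGNATURES[cmd]) for t, cmd in trace if cmd in SIGNATURES]


@dataclass
class TankMonitor:
    """Expert rules over process state, fed passively from observed commands."""
    filled: bool = False
    heating: bool = False
    alerts: list = field(default_factory=list)

    def observe(self, t, cmd):
        if cmd == "FILL":
            self.filled = True
        elif cmd == "HEAT_ON":
            # Every command here is legitimate; only the order can be wrong.
            if not self.filled:
                self.alerts.append((t, cmd, "heater started on empty tank"))
            self.heating = True
        elif cmd == "HEAT_OFF":
            self.heating = False
        elif cmd == "DRAIN":
            if self.heating:
                self.alerts.append((t, cmd, "tank drained while heating"))
            self.filled = False
        # Commands outside the process model are left to the misuse check.


def sequence_alerts(trace):
    """Anomaly detection against the expert model of the normal sequence."""
    monitor = TankMonitor()
    for t, cmd in trace:
        monitor.observe(t, cmd)
    return monitor.alerts


def hybrid_alerts(trace):
    """Hybrid detection: union of both detectors, ordered by time step."""
    return sorted(misuse_alerts(trace) + sequence_alerts(trace))


if __name__ == "__main__":
    for name, trace in [("normal", NORMAL_TRACE), ("inverted", INVERTED_TRACE),
                        ("known bad", KNOWN_BAD_TRACE)]:
        print(name, hybrid_alerts(trace))
```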

3.2 Advent of artificial intelligence for cybersecurity

3.2.1 ML applications for Cybersecurity

Most state of the art applications of AI in the field of cybersecurity belong to the field of
machine learning (ML), a subfield of AI defined by Arthur Samuel as the field of study that
gives computers the ability to learn without being explicitly programmed (Samuel 1959).
ML techniques can be grouped into three main types of approaches:

– Unsupervised approaches consist in finding patterns, structures, or knowledge in
unlabeled data.
– Semi-supervised approaches consist in labeling a portion of the data based on expert
knowledge during the acquisition phase.
– Supervised approaches consist in completely labeling the data set based on expert
knowledge and finding a function or model that explains the data.

Supervised and semi-supervised techniques tend to be preferred by security profession-
als as they provide more explicable results. Unsupervised techniques tend to be less used
in security applications due to the relative aversion of security professionals towards dis-
covery techniques that would not be easily explainable and auditable (Adadi and Berrada
2018). Security relates with responsibility which eventually relies on humans from a legal
point of view. Also there is a remaining skepticism that ML would potentially be success-
ful in identifying 0-day attacks, given the fact that ML is trained on historical data and thus
may not effectively determine if some incongruity found in operation relates with a new
attack or a yet unobserved legitimate data pattern (Buczak and Guven 2016). The mali-
cious nature of a set of events is very dependent on context and target-related information
and most likely requires human threat intelligence to make good diagnosis. However, all
three techniques have been applied with variable success to cybersecurity (Li 2018). Some
examples are: threat intelligence, vulnerability discovery, intrusion detection, malware
analysis, human behaviour monitoring and alert enrichment.

3.2.2 OT intrusion detection techniques

The most widely applied use-case for ML in OT security, at state of the art, is intrusion
detection (Mantere et al. 2014). Legacy OT are predictable and stable and thus would quite
well accept ML-based anomaly-detection approaches. It might not remain the case with
future IoT oriented factory environments, which will set a challenge for ML application
(see Sect. 4). Essentially, two approaches for intrusion detection have been implemented
in OT environments:

– Misuse detection (MD) consists in checking the testing data against signatures
corresponding to misuse classes and classifying the remaining as normal (Buczak and Guven
2016).
– Anomaly detection (AD) consists in testing data against the normal traffic pattern defined
in the learning phase and classifying the remaining as Anomaly (Buczak and Guven 2016).

Misuse detection and anomaly detection may involve ML algorithms, although with unequal
success, depending on the specific technique chosen (Buczak and Guven 2016). Examples of
implementations to IDS are provided in a comparative approach in Annex.

3.2.3 Requirements applying to OT IDS

Beyond the traditional detection metrics, three factors need to be taken into account when
considering the applicability of a particular IDS technology to OT security: time complexity,
incremental update capability, and generalization capacity. Time complexity is a key
criterion for IDS aiming at online application, which will most usually be the case in
application to OT security monitoring. As a rule of thumb, for n instances, O(n) and
O(n log n) algorithms are considered to be linear time, while O(n²) is considered as
acceptable time applicable online and O(n³) or above are considered to be much slower
algorithms applicable off-line. Processing online and streaming data is a challenge. A method
should be close to roughly O(n log n) to be considered a streaming algorithm. Other methods
may only be applied with appropriate input data windowing and a small number of instances.
Incremental update capability is of paramount importance when it comes to monitoring highly
dynamic environments. The intentional nature of cybersecurity threats causes many
traditional classification approaches to fail. This has been a limitation for the development
of ML techniques in the field of security for many years. When rule-based detection is
applied, adapted interfaces need to be designed for rule editing by subject matter experts
or rule extraction from ML modules performing continuous training on live representative
data. Generalization capacity also applies with a particular care for the specific nature of
OT security problems when compared to IT. The stealthiest threats will target a particular
process and cause actions which could be benign on system X but dangerous on system Y.
Here, an advantage of ML-based techniques is that they can be trained in live operation,
taking consideration of the industrial process and related risks specific to the considered
manufacturing environment. A noticeable limitation is that they would not likely capitalize
and mutualize the knowledge acquired to enrich a common knowledge base, usable
across industries.
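
One way to meet the time-complexity and incremental-update requirements together, as an added example that is not from the paper: each reading is scored and learned in constant time with Welford's running mean and variance, and one model is kept per system so that the same value can be normal on one line and anomalous on another. The detector, its thresholds and the readings are assumptions constructed for illustration.

```python
import math
from collections import defaultdict


class RunningStats:
    """Welford's method: mean and variance updated in O(1) per reading."""

    def __init__(self):
        self.n = 0
        self.mean = 0.0
        self.m2 = 0.0  # sum of squared deviations from the running mean

    def update(self, x):
        self.n += 1
        delta = x - self.mean
        self.mean += delta / self.n
        self.m2 += delta * (x - self.mean)

    def std(self):
        return math.sqrt(self.m2 / (self.n - 1)) if self.n > 1 else 0.0


class StreamingDetector:
    """One incremental model per (system, signal); no history is stored."""

    def __init__(self, z_limit=4.0, warmup=10, min_std=0.5):
        self.z_limit = z_limit  # deviation, in standard deviations, that raises an alert
        self.warmup = warmup    # readings learned before any alert is raised
        self.min_std = min_std  # floor so a very steady signal does not alert on noise
        self.models = defaultdict(RunningStats)

    def observe(self, system, signal, value):
        """Score one reading, then learn from it unless it was flagged."""
        stats = self.models[(system, signal)]
        if stats.n >= self.warmup:
            spread = max(stats.std(), self.min_std)
            if abs(value - stats.mean) / spread > self.z_limit:
                return True  # flagged readings are not added to the model
        stats.update(value)
        return False


def flagged(detector, readings):
    """Feed (system, signal, value) readings in order; return the flagged ones."""
    return [r for r in readings if detector.observe(*r)]


# Constructed readings: the same temperature signal on two production lines.
LINE_X = [60, 61, 59, 60, 62, 58, 60, 61, 59, 60]
LINE_Y = [80, 81, 79, 80, 82, 78, 80, 81, 79, 80]
TRAINING = ([("line_X", "tank_temp", v) for v in LINE_X]
            + [("line_Y", "tank_temp", v) for v in LINE_Y])
LIVE = [("line_X", "tank_temp", 61), ("line_Y", "tank_temp", 80),
        ("line_X", "tank_temp", 80), ("line_Y", "tank_temp", 60)]

if __name__ == "__main__":
    detector = StreamingDetector()
    flagged(detector, TRAINING)
    print(flagged(detector, LIVE))
```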

3.3 Misuse detection techniques

This chapter introduces the different techniques and IDS that support misuse-based intru-
sion detection, including pattern matching, rule-based techniques, state-based techniques,
and data-mining techniques.

3.3.1 Pattern matching

Most intrusion detection systems employ a pattern-matching algorithm in order to find
the suspicious packets (Kumar and Spafford 1994; Dharmapurikar and Lockwood 2006).
The algorithm checks the presence of a signature in the incoming packet sequence and
outputs the location of the string within the packet. The algorithm must be fast enough to
detect the malicious behavior, and it must be scalable in order to meet the increase in both
the number of signatures and the link speed. String matching algorithms can be categorized
into single and multiple pattern matching algorithms. In the single pattern matching, one
pattern is matched against the entire text at a time. In contrast, the multiple pattern match-
ing approach compares the text sequence against all signatures all at once. Obviously, the
multiple matching approach is a better choice for intrusion detection to avoid sweeping the
packet many times. Nevertheless, it consumes more memory and requires a pre-processing
phase to program the patterns before the matching phase can start (Roesch 1999).
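
The two phases described above, as an added sketch that is not from the paper or any IDS it cites: signatures are compiled once into an Aho-Corasick automaton (one well-known multiple-pattern algorithm, chosen here as an assumption), then each payload is swept a single time and every match is reported with its offset. The signatures and payload are constructed.

```python
from collections import deque


class MultiPatternMatcher:
    """Aho-Corasick automaton over bytes: build once, scan each payload in one pass."""

    def __init__(self, signatures):
        self.goto = [{}]  # per-state transitions: byte value -> next state
        self.fail = [0]   # failure link per state
        self.out = [[]]   # signatures that end at each state
        for sig in signatures:
            self._insert(sig)
        self._link()

    def _insert(self, sig):
        # Pre-processing, part 1: add the signature to the trie.
        state = 0
        for byte in sig:
            nxt = self.goto[state].get(byte)
            if nxt is None:
                nxt = len(self.goto)
                self.goto.append({})
                self.fail.append(0)
                self.out.append([])
                self.goto[state][byte] = nxt
            state = nxt
        self.out[state].append(sig)

    def _link(self):
        # Pre-processing, part 2: breadth-first computation of failure links.
        queue = deque(self.goto[0].values())  # depth-1 states fail to the root
        while queue:
            state = queue.popleft()
            for byte, nxt in self.goto[state].items():
                queue.append(nxt)
                f = self.fail[state]
                while f and byte not in self.goto[f]:
                    f = self.fail[f]
                self.fail[nxt] = self.goto[f].get(byte, 0)
                # A state also reports signatures that are suffixes of its path.
                self.out[nxt] = self.out[nxt] + self.out[self.fail[nxt]]

    def scan(self, payload):
        """Single sweep; returns (offset, signature) for every occurrence."""
        hits, state = [], 0
        for pos, byte in enumerate(payload):
            while state and byte not in self.goto[state]:
                state = self.fail[state]
            state = self.goto[state].get(byte, 0)
            for sig in self.out[state]:
                hits.append((pos - len(sig) + 1, sig))
        return hits


def single_pattern_scan(signatures, payload):
    """Baseline: the payload is swept once per signature."""
    hits = []
    for sig in signatures:
        start = payload.find(sig)
        while start != -1:
            hits.append((start, sig))
            start = payload.find(sig, start + 1)
    return hits


# Constructed signature set and payload; "passwd" overlaps "/etc/passwd" on purpose.
SIGNATURES = [b"/etc/passwd", b"passwd", b"cmd.exe", b"../"]
PAYLOAD = b"GET /../../etc/passwd HTTP/1.1"

if __name__ == "__main__":
    matcher = MultiPatternMatcher(SIGNATURES)  # memory cost is paid here, once
    print(matcher.scan(PAYLOAD))
```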

3.3.2 Rule‑based techniques

Rule-based systems (also known as expert systems) are one of the earliest misuse-based
detection systems. These systems encode intrusive scenarios as a set of rules, which are
derived from human experts’ knowledge, that dictates what to do or what to conclude in
different situations. Therefore, any deviation in the rule matching process is reported as an
intrusion. The following is a review of the significant developments in rule-based intrusion
detection which have been made in the past several years.
The intrusion detection expert system (IDES) (Lunt and Jagannathan 1988) is the result
of research that started in the Computer Science Laboratory at SRI International in the
early 1980s. IDES provides a system-independent mechanism for real-time detection of
security violations, whether these are initiated by outsiders who attempt to break
into a system or by insiders who attempt to misuse their privileges. IDES is based on an
expert rule-based system which characterizes certain types of intrusions and raises an
alarm if observed activity matches any of its encoded intrusion scenarios. The rule-based
component was based on the Production-Based Expert System Toolset (P-BEST). This
component contains rules that describe suspicious behaviour based on knowledge of past
intrusions, known system vulnerabilities, or the installation-specific security policy. The
rules describe suspicious behaviour that is independent of whether a user is deviating from
past behaviour patterns.
The state transition analysis technique (STAT) (Ilgun et al. 1995) was conceived as
a misuse based detection technique to describe computer penetrations as sequences of
actions that an attacker performs to compromise the security of a computer system. STAT
uses state transition diagrams to represent attacks as a sequence of actions that leads from
one initial starting state just prior to the execution of the attack to at least one target com-
promised ending state on a system. A state represents a snapshot of the system’s security-
relevant properties and resources, and a transition represents the signature actions that if
omitted from the execution of an attack scenario would prevent the attack from completing
successfully.

3.3.3 Data mining‑based techniques

Data mining has become a very useful technique to reduce information overload and
improve decision making by extracting and refining useful knowledge through a process of
searching for relationships and patterns from the extensive data collected by organizations.
Recently, data mining techniques have been applied for building misuse detection mod-
els, in which intrusion detection is considered as a data analysis process to automatically
discover and model features of user’s normal or intrusive behaviors. In this area, three
types of algorithms are particularly useful for mining audit data, namely classification, link
analysis and sequence analysis.

– Classification algorithms: generate classifiers by learning based on a sufficient amount
of normal or abnormal audit data. New audit data are labeled as either normal or abnormal
according to the classifier.
– Link analysis: determines the relation between fields in the audit database records and
normal profiles are usually derived from these relations.
– Sequence analysis: is used to find sequential patterns in audit data and embed these
patterns into intrusion detection models.

Mining Audit Data for Automated Models for Intrusion Detection (MADAM ID) (Lee
and Stolfo 2020) is a framework that uses data mining algorithms to compute activity pat-
terns from system audit data and extracts predictive features from these patterns. Precisely,
this framework applies data mining programs to audit data to compute frequent patterns,
extracts features, and then uses classification algorithms to compute detection models.

3.3.4 Ensemble learning

When training machine learning models, the search for performance improvement has always
been a constant concern of researchers and engineers alike. Polikar defines ensemble
learning as: “the process by which multiple models, such as classifiers or experts, are
strategically generated and combined to solve a particular computational intelligence
problem. Ensemble learning is primarily used to improve the performance of a model or reduce
the likelihood of an unfortunate selection of a poor one.” (Polikar 2009). When it comes to
the selection of models there are two types of ensembles: homogeneous ensembles, where base
learners are usually of the same kind with changes in hyperparameters to increase diversity,
and heterogeneous models, where different algorithms are merged together to form a stronger
model (Zhou 2012).
The bagging algorithm, first proposed by Breiman (1996), is one of the first ensemble
methods, and has since become a staple in the industry, with application in algorithms that
stand as the base of highly performant models such as Random Forests (Breiman 2001).
Bagging, or Bootstrap Aggregation, is a technique that, given sample data, creates various
subsets of the data and trains a weak learner on each subset. After all the weak learners are
trained, bagging aggregates all the predictions to form the most efficient predictor.
In Resende and Drummond (2018), an ACM survey from 2018, we can find references
to 35 works using Random Forest for Intrusion Detection, both for misuse and anomaly
detection. Zhang and Zulkernine (2005) proposed the first well-known Random Forest
based method applied on intrusion detection. Basically, the approach is a classifier which
requires being trained on a labelled dataset composed of normal and attack flows. Yin
et al. (2013) proposed an intrusion detection method based on the use of two random forest
models for classification. The first model is trained using all the available data, both benign
and malign (multiple classes) and the second model is trained using only malign data. The
models are then employed in parallel, using the first model for an initial evaluation where
uncertain classifications are redirected to the next model for a second evaluation. Another
work done by Bilge et al. (2012) proposed the use of Random Forests to analyze
large scale NetFlow data in order to identify botnet servers. The algorithm is used as a first
filter and is followed by cross-examination of IP white-lists and black-lists to further reduce
false positives. The authors tested the solution with data coming from 2 different networks
totaling more than a billion flows. Zhang and Wang (2009) proposed the use of Hadoop
and Mahout (software) and a Random Forest model as a classifier to detect intrusions on
websites. The authors tested the method using the KDD99 dataset and with data generated
by a non-specified IDS. Both datasets were used for training and testing. Stefanova and
Ramachandran (2017) proposed a two-stage classifier for network intrusion detection. The
first stage classifies the traffic into the classes “normal” and “attack.” The attack traffic is
then submitted to a second stage, which classifies into attack types. Domb et al. (2016)
propose a lightweight IoT rules generation and execution framework supported by Random
Forest classifiers.
Boosting is another ensemble technique to create a collection of predictors (weak learners).
Boosting utilizes the weighted average of each model to make weak learners into strong
learners. Unlike bagging, where all models run independently, in boosting at each iteration
the current model dictates what features the next model should focus on. This means some
samples will appear more often than others (Russell and Norvig 2009).
Adaboost or adaptive boost was first proposed by Freund and Schapire in 1995, with
the promise to outperform most of the existing boosting algorithms. One of its most fun-
damental ideas is that of a weak learner. Weak learners, as opposed to strong learners, are
algorithms that perform only slightly better than random guessing, with the advantage of
increased computational speed and reduced bias with the resulting reduced tendency to
overfit the data (Freund and Schapire 1997).
Adaboost has been employed in various situations but it is most commonly used in misuse or
signature detection because of its supervised nature. Hu et al. (2008) proposed an
AdaBoost-based algorithm, similar to the standard implementation of AdaBoost but with
changes claimed to improve performance in intrusion detection situations. Using the KDD’99
dataset, the proposed solution was able to obtain good results in the chosen metrics, FPR
(false positive rate) and detection rate, with 0.31–1.79% and 90.04–90.88% respectively.
Another intrusion detection solution was presented by Mazini et al. (2018). In this case the
authors proposed a hybrid solution where the artificial bee colony (ABC) algorithm is used to
optimize the search for the best feature space (feature selection) and Adaboost.M2 is used in
a multiclass classification setting, since classic AdaBoost can only do binary
classification. In order to validate their results, the authors opted for the usage of FPR,
detection rate and accuracy on the NSL-KDD and ISCXIDS2012 datasets. In final analysis, it
was found that the proposed solution outperformed other methods with 99.61% detection rate,
0.01 FPR, and 98.90% accuracy.

3.4 Anomaly detection techniques

The signature-based approach was the first approach used in IDS, and is still widely
used today. It requires expert knowledge to design and set the detection policy (i.e.
detection rules). The main issue with this approach is the inability to detect new attack
patterns since no rule would match. That is why anomaly-based approaches were designed to
minimize this drawback. This chapter covers the different techniques and IDS that support
anomaly-based intrusion detection, including rule-based techniques, biology-based
techniques, and machine learning-based techniques.

3.4.1 Rule‑based techniques

The Multics intrusion detection and alerting system (MIDAS) (Sebring et al. 1988) is a
rule-based intrusion detection system, which has been developed by the National Computer
Security Centre (NCSC), in co-operation with the Computer Science Laboratory, SRI
International, to detect intrusions for the NCSC Dockmaster. MIDAS was one of the first
intrusion detection systems that monitored an operational system connected to the Internet.
It applies the Production Based Expert System Toolset (P-BEST) for intrusion detection.
The P-BEST compiler produces primary LISP functions that incorporate the semantics of the
rules. Essentially, the P-BEST rule-base includes two layers: the first layer handles the
immediate deduction about certain types of events such as “number of failed login attempts”
and asserts a fact to the effect that some threshold of suspicion has been reached. Then, the
second layer processes these suspicions and decides whether to actually raise an alarm based
on the first layer’s facts (Axelsson 2000).
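
The two-layer structure described above, as an added Python sketch: it is not P-BEST syntax or MIDAS code, and the event types, window, thresholds and audit records are constructed. Layer 1 turns raw events into suspicion facts; layer 2 raises an alarm only when a user accumulates enough distinct facts.

```python
from collections import defaultdict, deque

WINDOW = 60                      # seconds of audit history kept per (user, event type)
LAYER1_THRESHOLDS = {            # events inside the window that assert a suspicion
    "login_failed": 3,
    "priv_command": 2,
}
ALARM_AFTER = 2                  # distinct suspicion facts needed before an alarm


class TwoLayerRuleBase:
    def __init__(self):
        self.recent = defaultdict(deque)  # (user, kind) -> timestamps in the window
        self.facts = defaultdict(set)     # user -> suspicion facts asserted so far
        self.alarms = []                  # (timestamp, user) raised by layer 2

    def layer1(self, ts, user, kind):
        """Immediate deduction on one event; returns a suspicion fact or None."""
        limit = LAYER1_THRESHOLDS.get(kind)
        if limit is None:
            return None
        window = self.recent[(user, kind)]
        window.append(ts)
        while ts - window[0] > WINDOW:    # drop events that left the window
            window.popleft()
        return "suspicious_" + kind if len(window) >= limit else None

    def layer2(self, ts, user, fact):
        """Decide on an alarm from the facts asserted by layer 1."""
        if fact in self.facts[user]:
            return
        self.facts[user].add(fact)
        if len(self.facts[user]) == ALARM_AFTER:
            self.alarms.append((ts, user))

    def process(self, events):
        for ts, user, kind in events:
            fact = self.layer1(ts, user, kind)
            if fact is not None:
                self.layer2(ts, user, fact)
        return self.alarms


# Constructed audit records (timestamp in seconds, user, event type), time-ordered.
EVENTS = [
    (0, "carol", "login_failed"),
    (10, "bob", "login_failed"),
    (12, "alice", "login_failed"),
    (15, "alice", "login_failed"),
    (18, "alice", "login_failed"),   # alice: one suspicion fact, no alarm
    (20, "bob", "login_failed"),
    (30, "bob", "login_failed"),     # bob: first suspicion fact
    (40, "bob", "login_ok"),
    (50, "bob", "priv_command"),
    (55, "bob", "priv_command"),     # bob: second fact, layer 2 raises the alarm
    (100, "carol", "login_failed"),
    (200, "carol", "login_failed"),  # carol: failures too far apart, no fact
]

if __name__ == "__main__":
    print(TwoLayerRuleBase().process(EVENTS))
```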

3.4.2 Biology‑based techniques

The following are examples of biology-based techniques such as genetic algorithms, arti-
ficial neural networks, and artificial immune systems, as well as IDS that support these
techniques for anomaly-based intrusion detection.

– Artificial neural networks (ANN) (Yegnanarayana 2009) have been adopted in the field
of anomaly intrusion detection, mainly because of their flexibility and adaptability to
environmental changes. Hyperview (Debar et al. 1992) is an early attempt of neural
network-based technique for intrusion detection. It consists of two major components.
The first component is an expert system that monitors audit trails for known signs of
intrusions, while the second is an artificial neural network (ANN) based component
that learns the user’s behaviour adaptively and fires an alarm when the audit trail deviates
from this learned behaviour. This ANN is connected to two expert systems. One
monitors the operation and the training of the network in order to prevent the network
from learning anomalous behaviour for instance and evaluates its output. The other one
scans the audit trail for known patterns of intrusion, and together with the output from
the first expert system forms an opinion on whether to fire an alarm or not. The decision
expert system also provides the ANN with situation awareness data (i.e. data that the
audit trail itself does not contain) from the simple current time and date, to the prede-
fined complex state of alert, or state of danger for the system.
– Natural immune system (NIS) is one of the complex systems in nature. Its main pur-
pose is to protect the body from damage that can be caused by harmful entities that
are mostly foreign. Artificial immune systems (AIS) are a new research field that tries
to exploit this complex system in order to develop problem solving techniques such as
fault detection problems, function optimization, detection of novelties in time series,
and even anomaly detection problems (Aickelin et al. 2007; Gonzalez 2003). Native
artificial immune system (NAIS) (Pagnoni and Visconti 2004) is an intrusion detec-
tion system based on the idea of providing computer networks with the technological
equivalent of an innate immune system. It works on machines on which either a web
server or ftp server has been installed. NAIS provides a completely reliable recognition
of normal and abnormal processes, and is able to detect and protect servers against new
and unknown attacks.
– Swarm intelligence is a family of methods inspired by the behavior of swarms of insects
and other animals, like flocks of birds and ant colonies; while evolutionary methods,
like genetic algorithms, are based on natural selection among a population of individuals.
The most commonly used in this field are genetic algorithms (GA), evolution strategies (ES),
ant colony optimization (ACO), particle swarm optimization (PSO) and artificial immune
systems (AIS) (Truong et al. 2020). The survey by Kolias et al. (2011) mentions several
applications of swarm intelligence techniques to IDS, for both signature and anomaly based
detection. By that time, ant colony optimization (ACO), particle swarm optimization (PSO),
and ant colony clustering (ACC) were the most used, in the majority combined with techniques
like neural networks, support vector machines or K-means, providing hybrid approaches. Also
interesting is their usage to induce classification rules. Very recently, Thakkar and Lohiya
(2020) provided a comprehensive study of the application of swarm and evolutionary
techniques to IDS, which shows a diversity of applications on hybrid approaches for feature
selection, attack detection and classification, and parameter optimization, as well as some
applications to rule extraction. Along with this, swarm intelligence has also been applied
to evaluate the robustness of machine learning: in Mosli et al. (2019) PSO is used to craft
adversarial examples, while in Alzantot et al. (2018) the approach is based on Genetic
Algorithms.

3.4.3 Other ML‑based techniques

The following are examples of machine learning-based techniques such as deep learn-
ing, k-nearest neighbour, Bayesian logic, fuzzy logic, support vector models, and hidden
Markov models, as well as IDS supporting these techniques for anomaly-based intrusion
detection.

– Deep learning (DL) is a sub-field of Machine Learning that provides methods for both
classification and regression, intended to work as an analogy of the human brain by
using multiple layers of artificial neurons to learn meaningful representations of data.
Several deep learning techniques are also in use for cyber security. Namely, long short
term memory (LSTM), recurrent neural network (RNN), and convolution neural net-
work (CNN) have demonstrated good performance in Intrusion Detection Systems
(Hutchins et al. 2011). Althubiti et al. (2018) used the CIDDS-001 External Server data
to test a long-short term memory (LSTM) model. LSTM achieved greater performance
when compared with other methods, namely SVM, Naïve Bayes (NB) and multi-layer
perceptron (MLP). Nicholas et al. (2018) also evaluated the performance of an LSTM
model in the flow-based data of CIDDS-001 and compared the obtained results with
other traditional classifiers. Another field is the application of Deep Reinforcement
Learning, which combines deep learning with reinforcement learning, in several appli-
cations related to cyber security (Nguyen and Reddi 2019).
– K-nearest neighbour (KNN) (Cunningham and Delany 2007) is one of the simplest
classification techniques. It calculates the distance between different data points on the
input vectors and assigns the unlabelled data point to its nearest neighbour class. K is an
important parameter. If K is equal to 1, then the data point is assigned to the class of its
nearest neighbour. When the value of K is large, prediction takes a long time and the
accuracy is influenced by reducing the effect of noise. The Minnesota Intrusion Detection
System (MINDS) (Ertoz et al. 2004) is a data mining based system for detecting
network intrusions. MINDS suite contains various modules for collecting and analyz-
ing massive amounts of network traffic including behavioral anomaly detection module,
summarization module, scan detection module, and profiling module. Independently,
each of these modules provides key insights into the network. For instance, the anomaly
detection and scan detection modules detect attacks and other abnormal activities in the
network traffic. The profiling module detects the dominant modes of traffic to provide
an effective network profile to the analyst, and the summarization module provides a
concise representation of the network traffic to allow the network analyst to investigate
the anomalous traffic in few screenshots. MINDS involves a network analyst who pro-
vides feedback to each of the modules based on their performance for more accurate
analysis.
– Bayesian modelling (Jensen and Nielsen 2007) is a branch of ML that is applied to
decision making and inferential statistics that deals with probability inference. Bayesian
inference uses the knowledge of prior events to predict future events. A Bayesian net-
work is a directed acyclic graph (DAG) where each node represents a discrete random
variable of interest. Each node contains the states of the random variable that it repre-
sents and a conditional probability table. A naïve Bayesian network is a restricted net-
work that has only two layers and assumes complete independence between the infor-
mation nodes (i.e., the random variables that can be observed and measured). eBayes
TCP (Valdes and Skinner 2000) is an EMERALD (Porras and Neumann 1997) compo-
nent which applies naïve Bayesian networks to analyse traffic explosions. Its anomaly-
detection decisions are made using a tree structure in which direct observations of the
communication are made at the leaves of the tree, and the belief in a particular state is
determined at the root. eBayes TCP consists of two components: a TCP-specific mod-
ule that interfaces to appropriate EMERALD components and manages TCP sessions,
as well as a high-performance Bayesian inference class library. The latter has potential
not simply to analyse a specific data stream, but also as a fusion engine considering
heterogeneous sensors.
– Hidden Markov model (HMM) (Rabiner and Juang 1986) is a statistical Markov model
in which the system is modelled as a Markov process with a finite set of unobserved
states. Transitions among the states are governed by a set of probabilities called transition
probabilities. HMM has been successfully used in several machine learning areas
including speech recognition, language processing, as well as anomaly detection (Warrender
et al. 1999; Yeung and Ding 2003; Ye et al. 2004; Gao et al. 2006). For instance,
Warrender et al. (1999) have pointed out that HMM can be used to learn the concise
and generalizable representation of the “self” identity of a system program by relying
on the run-time system calls. The model has a fixed number of states and each state rep-
resents the unobservable condition of the system. For each state there is a certain prob-
ability of producing any of the observable system outputs and a separate probability
indicating next states. The models learned were shown to be able to accurately detect
anomalies caused by attacks on the system programs.
– Fuzzy logic is an approach to computing based on degrees of truth rather than the usual
true or false Boolean logic on which the modern computers are based. With fuzzy
spaces, fuzzy logic allows an object to belong to different classes at the same time.
This makes fuzzy logic a great choice for intrusion detection because the security
itself includes fuzziness and the boundary between the normal and anomaly is not
well defined. As a result, various fuzzy logic-based approaches have been proposed
for anomaly detection (Yao 2005; Luo and Bridges 2000; Karami and Guerrero-Zapata
2015). Moreover, the intrusion detection problem involves many numeric attributes
in collected data, and various derived statistical measures. Building models directly
on numeric data usually causes high detection errors. A behaviour that deviates only
slightly from a model may not be detected or a small change in normal behaviour may
cause a false positive. With fuzzy logic, it is possible to model these small deviations to
keep the false positive/negative rates small.
– Decision trees are among the well-known machine learning techniques for classification
and prediction. A decision tree is composed of three basic elements: a decision node
specifying a test attribute; an edge or branch corresponding to one of the possible
attribute values, that is, one of the test attribute outcomes; and a leaf, also named an
answer node, which contains the class to which the object belongs. Decision
trees have been successfully applied in the field of intrusion detection, particularly, for
anomaly detection (Lee et al. 2008; Sindhu et al. 2012; Sheen and Rajesh 2008; Bilge
et al. 2011). Lee et al. (2008) used the ID3 algorithm developed by Quinlan as a learn-
ing algorithm to generate decision trees automatically for DoS, R2L, and Scan attacks.
EXPOSURE (Bilge et al. 2011) is a system that has been designed to perform large-
scale, passive DNS (domain name service) analysis to detect and blacklist domains
involved in malicious activities such as hosting phishing web pages, SPAM, botnets
command and control servers, drop zones, etc. EXPOSURE consists of five main
components: Data Collector, Feature Attribution Component, Malicious and Benign
Domains Collector, Learning Module, and Classifier. The classifier component is built
as a J48 decision tree algorithm, which is an implementation of the C4.5 algorithm that
is designed for generating either pruned or unpruned C4.5 decision trees. It constructs
a decision tree from a labelled training set by using the concept of information
entropy (i.e., the attribute values of the training set). The experimental results show
that EXPOSURE is useful in automatically identifying a wide category of previously
unknown malicious domains.
– Support vector machine (SVM) is a machine learning method based on statistical learn-
ing theory. It relies on pre-processing the data to represent patterns in a high dimension
which is typically higher than the original feature space. SVM classifies data as a set
of support vectors, which are members of a set of training inputs. These support vectors
outline a hyper-plane (decision boundary) in the feature space. One of SVM's
key features is the good generalization ability of the learned model, which means that even
from a relatively small training data set it can still give good accuracy. In addition, SVM is
capable of handling high dimensional data which is very useful to an intrusion detec-
tion system (Zaman and Karray 2009; Sung and Mukkamala 2003). Hu et al. (2003)
proposed an anomaly detection approach based on robust support vector machines
(RSVMs). RSVM is a variation of SVM that effectively addresses the over-fitting problem
introduced by the noise in the training data set. RSVMs incorporate an averaging
technique in the standard SVMs which makes the decision surface smoother and
controls the amount of regularization automatically. Experimental results show that
RSVMs can provide good generalization ability and high intrusion detection accuracy
with low false positives even in the presence of noise. The running time of RSVMs can
also be significantly reduced as they generate fewer support vectors than the standard
SVMs.

4 AI‑related threats and challenges to Industry 4.0

The physical nature of the systems and processes handled by Industrial AI induces particu-
lar constraints which other types of AI do not face. To start with, it is particularly difficult
to retrieve industrial data in needed quantity and diversity to train industrial or defensive
AI. Industries are reluctant to share data which could reveal process or product information.
The requirement for expertise is also greater (Mao et al. 2019). Industrial AI models
are harder to develop, train, and test; and the costs associated with their failure are greater.
In other words, the stakes are higher. Consider one example: the case of a predictive main-
tenance system monitoring performance of an aircraft engine. In a recent Forbes article
(Yao 2017), Harel Kodesh, former vice president and CTO of GE Software notes that
“if an analytical system on a plane determines an engine is faulty, specialist technicians
and engineers must be dispatched to remove and repair the faulty part. Simultaneously, a
loaner engine must be provided so the airline can keep up flight operations. The entire deal
can easily surpass $200,000.” Clearly the cost of a “false positive” here is greater than
the cost of Netflix showing the wrong movie recommendation, or Amazon upselling the
wrong product. But the differences go further. This system is likely subject to any number
of compliance requirements, and the system’s recommended action might trigger a variety
of reporting actions. The development of the predictive model is likely significantly more
involved than building a recommender: a variety of live and simulated engine sensor data
must be captured; the sensor data likely requires extensive cleaning before use; the model
must be trained against the cleansed data; and it must be tested against a test dataset, in
simulation, and in production. This process likely relies heavily on a variety of subject mat-
ter experts (Mao et al. 2019) including systems engineers, maintenance and performance
engineers, and more, not to mention the software engineering talent required. Industrial AI
thus presents several challenges that differentiate it from consumer and business applica-
tions of AI. Some of them are provided below.

4.1 Technical challenges

Data acquisition and storage: unlike “born digital” data captured, for example, from web
interaction logs, industrial AI systems often rely on data captured from sensors that seek to
represent the real world digitally. Unfortunately, this process can result in inherently noisy
datasets. Sensor data can also be voluminous. Acquiring this data and storing it for analysis
can be extremely complex. Furthermore, because of the cost of generating training data
under a wide variety of conditions, simulation is often used. High-fidelity simulations, or
“digital twins,” can be very effective, but can also be difficult to create and maintain, and
computationally expensive to run (Fuller et al. 2019).
Training challenges: much of the recent fanfare around AI has been based on the success of
“deep learning.” In most cases, these successes are based on supervised learning style
problems in which deep neural networks are trained with labeled training data. While it can
be difficult in any domain to collect the volume of labeled training data required to
effectively train machine learning models, this can be particularly challenging in industrial
scenarios in which few examples of the most interesting “black swan” events—such as part or
product failures—occur (Pinker 2018). This increases the complexity of training and thus the
overall cost of developing the machine learning system.
Testing costs and complexity: testing AI systems on operating production lines, industrial
equipment, warehouses and other industrial systems is both expensive and disruptive
(Kalajdzic et al. 2015). Because of this, industrial AI systems are often trained and tested
using simulation, the challenges of which have already been discussed.
Large state spaces: modern industrial systems are extremely complex, often
offering tens or hundreds of inputs over which machine learning algorithms may optimize.
This can make for more complex development and training routines (both in terms of time
and cost) and can require the use of sophisticated techniques to simplify the problem and
ensure convergence to a solution.

4.2 Operational challenges

High cost of failure and change: as we saw in our aircraft engine example (Yao 2017), it
is common in industrial scenarios for the cost of failure to be extremely high. The cost of
change is similarly high. When an enterprise has many millions of dollars invested in fac-
tories and warehouses, automation technology—AI or otherwise—must either work with
those existing investments or demonstrate extremely compelling ROI.
Cost of talent: data scientists, data engineers and data-savvy programmers and subject
matter experts are the backbone of the team required to implement AI solutions (Mao
et al. 2019). These skills are both rare and expensive in today’s employment market, and
firms must compete for top talent with internet leaders like Facebook and Google.
High regulatory requirements: industrial environments are often subject to compliance
statutes that impact operations, including technical, legal and corporate requirements, and
governmental regulations. Depending on the market and industry, compliance require-
ments span areas such as product safety, public/employee health and safety, environmental
impact, and workplace safety, but they can also directly specify controls around automa-
tion systems, as does, for example, the European Machinery Directive (European Commis-
sion 2009). Regulatory controls, which often require that changes to industrial processes
be extensively validated and verified, can be at odds with the goals of automation via AI,
which encourage rapid adaptation of processes via closed-loop feedback.

4.3 Security challenges

Unpredictability of Industrial AI-based systems: as previously highlighted, industrial AI
tends to make the modern ICS less deterministic in their functioning (Sun et al. 2016).
In recent years the use of AI technologies has been increasing, giving rise to several initiatives
related to the detection of anomalies. Specifically, the detection of anomalies attempts to
solve the problem of identifying patterns of behavior that do not correspond to the expected
patterns. The boundaries between anomalous and expected behaviors may be difficult to
establish precisely and may also vary over time. This is likely to cause the most traditional
IDS technology to fail to detect new threats or to misclassify new benign events as anomalies
(Luo et al. 2020). Without adapted measures and improvements, security professionals
will have to deal with an increasing number of false positives and false negatives.
Exposure to adversarial AI: attackers are likely to acquire equivalent skills in ML/DM techniques
to those mastered by cybersecurity professionals (Stevens 2020). Knowing the strengths
and weaknesses of each state of the art method, trained attackers will undoubtedly look
for techniques to fool ML-based systems. This could apply to IDS but also to other ML-based
technology in use in the context of Industry 4.0, such as autonomous and collaborative
robotics. Adversarial AI technology may be used to learn the specific weaknesses of
defensive or functional ML/DM modules involved in critical industrial assets, for example,
targeting detection thresholds, generating noise to hide malicious events, aiming at the
computational limits of a particular ML algorithm or finding a way to corrupt the training
data (Brundage et al. 2018). For this reason, it is important to test and train defensive ML
algorithms against adversarial AI and not only against static data-sets. According to some
recent studies (Qiu et al. 2019), GAN (Generative adversarial network) are a promising
method for Adversarial.
Machine learning based techniques leverage collected security data, and ingest the
statistical power of the information to further automate the process of pattern matching.
Unlike traditional signature based techniques, learning based predictive models explore
the behavioral evidence in the data, which can potentially
offer defensive advantages such as alerts of unseen attacks. However, learning-based methods
can themselves become security targets through manipulation of training and testing data samples,
known as adversarial samples. For instance, a face recognition system based on pretrained
deep neural networks can easily fail to detect faces wearing a pair of glasses that is carefully
crafted under adversarial training (Sharif et al. 2016). Anyone wearing these peculiar glasses
will be recognized as another specific person chosen as the target.
Theoretical studies on machine learning models also show that AI-based methods
should be deployed carefully (Sculley et al. 2015). The predictive power of learning mod-
els relies heavily on true sample distribution of the collected data, which can be mislead-
ing when the data is tainted by attackers (Biggio and Roli 2018). Learning algorithms
are intrinsically vulnerable to malicious data manipulation. From a functional point of view, a learning
model is typically defined by a set of parameters (see Neural Networks). If attackers
can gain insight into the model architecture and manipulate their data so that they are
misclassified, this is a particular type of adversarial machine learning attack, known as
exploratory (Siddiqi 2019). Such adversarial samples can be computed by gradient ascent.
Adversarial attacks have been successfully conducted on widely used machine learning
algorithms such as SVM and LASSO by carefully crafting malicious data samples for
model training. The adversarial attacks can be generalized to the whole family of methods
based on statistical learning theory; they can therefore be contagious, and many learning systems
can be affected.
Responsibility gap: in order to ensure that industrial AI systems are socially acceptable,
their development, deployment and use must be guided by the principles of rule of law,
notably its manifestations in legal certainty and accountability. In light of the increasing
levels of interaction between humans and machines and the emergence of new (cognitive)
interfaces to support this interaction (Lim et al. 2017), there is growing uncertainty about
maintaining legal compliance in continuously evolving dynamic environments. Technically,
it is difficult to validate the security properties of AI-based systems in general. IDS
in particular pose a validation challenge that has been addressed many times (Tavallaee et al. 2010).
Traditionally, the approach of lawmakers and regulators to safety-critical systems has been
limited to embedding strict deterministic design and certification technical requirements
into legal and regulatory instruments. Conservatism and end-to-end predictability in all cir-
cumstances have shaped these processes even in highly automated environments such as
the aerospace domain (Emanuilov 2017). Autonomous systems, however, have challenged
these premises. The existing legal and regulatory approaches to autonomous systems can-
not sufficiently accommodate the inherently uncertain, adaptive and non-deterministic
behaviour of these systems. Certification and continued maintenance of assured level of
compliance in the course of a system’s evolution are two cases in point. It is no longer suf-
ficient to adhere to a finite set of end goals because these systems continuously evolve in
time and space as a result of their learning feedback loops and incessant interaction with
the surrounding environment. Therefore, a thorough understanding from a technical and
cognitive perspective of the emerging cross-organisational and cross-entity interactions is
essential for designing new legal and regulatory approaches.

4.4 AI threat landscape

To illustrate the security challenges, it is important to draw a picture of AI threats, as
known today and potential further developments which would likely harm FoFs. Most
existing classifications of AI threats address AI as a new attack surface (Turchin 2015;
Turchin and Denkenberger 2020; Yampolskiy 2016). Turchin and Denkenberger (2020)
propose a classification of catastrophic risks according to the level of AI intelligence. The
three proposed levels are: (i) “Narrow AI” associated with the current AI systems that
require human intervention, (ii) “Young AI” associated with the youngest age of AI where
its capabilities are slightly above human level, and (iii) “Mature AI” associated with the
superintelligent level. Yampolskiy (2016) classified the types of pathways leading to mali-
cious AI system into two stages: pre-deployment and post-deployment. The proposed tax-
onomy categorizes the AI risks into potential internal and external causes such as design
mistakes, deliberate action, or environmental hazards. These studies focus generally on AI
risks from the safety point of view. A couple of studies have more specifically addressed
AI-based cyberthreats such as AI-based malware (Kirat et al. 2018; Chung et al. 2019) or
spyware (Zhang et al. 2018), password guessing (Hitaj et al. 2017) or brute-force tech-
niques (Trieu and Yang 2018), social bots (Seymour and Tully 2016; Bahnsen et al. 2018;
Yao et al. 2017), and adversarial training (Hu and Tan 2017; Anderson et al. 2016; Petro
and Morris 2017). The above mentioned studies demonstrate that AI provides superiority
in scope, speed, and scale compared to traditional approaches. Schneier (2018) says that
“both attack and defense will benefit from AI technologies”. However, as attackers have the
advantage of initiative and as AI tremendously augments attack speed, it might create new
asymmetries in the attack-defense balance. A recent survey from Kaloudi and Li (2020)
provides an understanding of the existing threat landscape, and a framework for attack
classification along the Cyber Kill Chain. It highlights potential for AI-enhancement at
each step of the Kill Chain: (1) AI-targeted reconnaissance; (2) AI-aided vaporization; (3)
AI-concealed delivery; (4) AI-automated exploitation; (5) AI-evolved installation; (6) AI-
multilayered C2; (7) AI-massive action. Kaloudi and Li (2020) illustrate their framework
by describing a fictive attack scenario against smart grid infrastructure. In the preparation
phase heuristic risk graph methods can be used to identify the critical path to cascading
failures as proposed by Zhu et al. (2014). Yan et al. (2017) demonstrate how reinforcement
learning can help identify the critical attack sequence. With these approaches, even
an actor unaware of the specifics of smart grid infrastructures can quickly become aware of
exploitable dependencies. A password brute-force malware such as that of Trieu and Yang (2018)
can be used to acquire passwords of authorised personnel. Smart meters can be turned into
a large botnet and shut off at once (Anderson and Fuloria 2010). The use of evasive malware
(Kirat et al. 2018) based on deep learning algorithms makes the need for a remote
control channel obsolete as the weapon can autonomously discover its environment
and spread according to an optimized path. Essentially, what applies to smart grids would
largely apply to another type of CPS such as the FoF with different, but no less meaningful
impacts.

5 Vision for AI‑based cyber‑resilience of Industry 4.0

5.1 Towards orchestration of HIDS and NIDS

It appears advantageous that an IDS be able to reach network- and kernel-level data, which
means: NetFlow, network-level data and OS kernel-level data (Buczak and Guven 2016).
This most likely requires the combination of host-based and network-based
IDS, which in the current state of the art do not usually collaborate in detection. Orchestrating the
collaboration between HIDS and NIDS might provide significant improvements in detection
performance (Yeo et al. 2017) and support enhanced automation of investigation steps. For
implementation, though, a number of limitations of state of the art HIDS technology need
to be addressed (Kumar 2017). Existing endpoint detection and response (EDR) technology
does not easily apply to time-sensitive systems, due to its impact on performance
and power consumption (Tedeschi et al. 2019). An alternative is to deploy detection agents
on the Edge (Schneible and Lu 2017) of the CMfg network. They could perform time-sensitive
detection tasks without affecting time-critical processes underneath (Fig. 1).

Fig. 1  A distributed cloud manufacturing security architecture framework


5.2 Towards adversarial/robust AI

Several possible countermeasures to harden machine learning models have been proposed
(Papernot et al. 2017; Xiao et al. 2015); the key idea is to enhance the robustness of the
algorithms by introducing priors or regularization (Fig. 2).
The arm-race training framework shown in Fig. 2 has been proposed for general-purpose
model training, and the scheme has recently been well studied and popularized as generative
adversarial training (Goodfellow et al. 2014). Two competing models are trained, one as
defender and one as attacker.
In Fig. 3, an adversarial network mimics the attacks by generating malicious
samples that are injected into the defender’s training process together with the real dataset. After
sufficient iterations of learning, the trained models are supposed to be more robust (Fig. 3).
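The hardening idea of this section, as an added example that is not code from the paper or from the works it cites: in place of a generative adversarial network, the simulated attacker is the closed-form worst-case bounded perturbation of a linear detector. The dataset, its feature layout and the budget EPS are constructed assumptions; the code compares ordinary training with adversarial training on clean and perturbed records.

```python
import math

EPS = 0.3  # assumed per-feature perturbation budget of the simulated attacker


def make_dataset():
    """Constructed records (features, label); label +1 = attack, -1 = benign.

    Feature 0 is a strong indicator that is wrong for 10% of the records.
    Features 1 and 2 are always right but small (0.2), so a shift of EPS
    is enough to flip them.
    """
    data = []
    for y in (1, -1):
        for i in range(10):
            x0 = float(y) if i < 9 else float(-y)
            data.append(([x0, 0.2 * y, 0.2 * y], y))
    return data


def sign(v):
    return (v > 0) - (v < 0)


def dot(w, x):
    return sum(wi * xi for wi, xi in zip(w, x))


def worst_case(x, y, w, eps):
    """Shift each feature by at most eps in the direction that lowers y * (w . x).

    For a linear model this single step is the exact worst case.
    """
    return [xi - eps * y * sign(wi) for xi, wi in zip(x, w)]


def train(data, eps=0.0, steps=3000, lr=0.5):
    """Logistic regression by gradient descent.

    eps = 0 is ordinary training; eps > 0 trains on the worst-case version of
    every record under the current weights (adversarial training).
    """
    w = [0.0] * len(data[0][0])
    for _ in range(steps):
        grad = [0.0] * len(w)
        for x, y in data:
            xa = worst_case(x, y, w, eps)
            pull = y / (1.0 + math.exp(y * dot(w, xa)))  # y * sigmoid(-margin)
            for j, xj in enumerate(xa):
                grad[j] += pull * xj
        w = [wi + lr * g / len(data) for wi, g in zip(w, grad)]
    return w


def accuracy(data, w, eps=0.0):
    """Share of records still classified correctly after a shift of up to eps."""
    hits = sum(1 for x, y in data if y * dot(w, worst_case(x, y, w, eps)) > 0)
    return hits / len(data)


def compare():
    """Return (clean accuracy, accuracy under perturbation) for both models."""
    data = make_dataset()
    baseline = train(data)
    hardened = train(data, eps=EPS)
    return {
        "baseline": (accuracy(data, baseline), accuracy(data, baseline, EPS)),
        "hardened": (accuracy(data, hardened), accuracy(data, hardened, EPS)),
        "hardened_weights": hardened,
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(name, value)
```

On this constructed data the baseline leans on the two small features and loses every record once they are shifted, while the hardened model relies on the strong feature and gives up only the records where that feature is wrong.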

5.3 Towards human/machine behavior monitoring

Many experiments of ML/DM-based detection show a certain weakness in properly detecting
User to Remote (U2R) attacks. This is the case for Naïve Bayes as demonstrated by
Amor et al. (2004) (12%), Ensemble Methods with Gharibian and Ghorbani (2007) (35%),
Bayesian Networks with Jemili et al. (2007) (7%), the best measured performance being
that of Mukkamala et al. (2005) (76%) using an ensemble of 3 ANNs and a combination
of 5 classifiers. This weakness raises concern when we consider how prevalent the
involvement of insiders is in real attacks (> 70%). From a computing perspective, a U2R and
a legitimate user action may not look very different. Therefore, these scenarios may never
find proper countermeasures in traditional intrusion detection techniques, but rather in their
combination with anomaly detection techniques applying to human behavior. Monitoring
the physiological, emotional and mental state of users in future factories might help reinforce
or reject the suspicion raised by weak signals analysis in ICS environments.

Fig. 2  Arm-race framework to address the transition from reactive to proactive defense. (Source: Xiao
2017)

Fig. 3  Adversarial training in arm-race framework

6 Conclusion

In this work we aimed at highlighting the dual role of AI in intelligent manufacturing sys-
tems. We first provide insights on the advent of AI in Industry 4.0, introducing use-cases
which range from passive monitoring to prescriptive optimization or even proactive pro-
cess control (§2). Then we introduce common ICS security practices, describe the many
uses of ML/DM techniques in the field of intrusion detection, and examine their applicability
to existing OT environments (§3). Finally we expose the challenges related to AI uses
and misuses in the FoF, embracing safety and security issues with consideration for AI as a
target, as a threat and as a tool. Both Industrial AI and ML/DM-based security techniques
struggle with the need of data in required quantity, quality and diversity. For convenience,
a description of existing public data sets and a description of data types needed for IDS
training is provided in Annex B. A description of selected IDS products and solutions
applicable to OT environments is also provided in Annex C. It gives an informative overview
of the respective strengths and weaknesses of existing solutions with regards to intrusion
detection in industrial environments.
Intrinsic security of AI has mainly been addressed by safety-oriented studies (Turchin
2015; Turchin and Denkenberger 2020; Yampolskiy 2016), potentially ignoring the per-
nicious nature of intentional threats. AI as a threat is the subject of a growing body of
literature (Kirat et al. 2018; Chung et al. 2019; Zhang et al. 2018; Hitaj et al. 2017; Trieu
and Yang 2018; Seymour and Tully 2016; Bahnsen et al. 2018; Yao et al. 2017; Hu and
Tan 2017; Anderson et al. 2016; Petro and Morris 2017). AI as a means for security, at state
of the art, is essentially addressed through the prism of IDS technology (Kumar and Spaf-
ford 1994; Dharmapurikar and Lockwood 2006; Lee and Stolfo 2020; Resende and Drum-
mond 2018; Zhang and Zulkernine 2005; Stefanova and Ramachandran 2017; Hu et al.
2008; Sebring et al. 1988; Debar et al. 1992; Ludovic 1998; Aickelin et al. 2007; Pagnoni
and Visconti 2004; Ertoz et al. 2004; Jensen and Nielsen 2007; Valdes and Skinner 2000;
Yeung and Ding 2003; Gao et al. 2006; Yao 2005; Luo and Bridges 2000; Sindhu et al.
2012; Zaman and Karray 2009; Sung and Mukkamala 2003; Smaha 1988; Anderson et al.
1995; Kolias et al. 2011; Thakkar and Lohiya 2020). In this work, we have identified other
problems, left relatively unaddressed by research and industry, such as the need for cor-
relation and orchestration of detection capacities across network, edge and host (§4.5); the
potential for adversarial training of defensive AI to achieve intrinsic robustness of future
industrial and security applications (§4.6); and the requirement for improved monitoring
of human-machine behavior in a context where decisions are increasingly made by or supported
by AI (§4.7). Ultimately, the proposal is to augment the AI-based OT monitoring,
optimization and control capacities depicted in §2 with a complementary AI-based
resilience capacity as suggested in §4. With this we intend to turn AI from a threat
to an opportunity for enhanced security of smart manufacturing. Such promises can be
found in starting research and innovation projects such as CyberFactory#1 (ITEA3 Project
Nr17032) and SeCoIIA (H2020 Project Nr 871967).


Appendix A: Nature, types and sources of data for ML‑based IDS

Appendix A.1: Data types for ML/DM applied to IDS

As we highlighted the importance of data quality and quantity to DM/ML techniques,
it is important to highlight the diverse nature of data which can be used for intrusion
detection. A first distinction is between packet level data and NetFlow data.
Packet level data: the packets transmitted through network infrastructures can be captured by a
specific Application Programming Interface (API) called pcap. IDS and other network
security equipment use Libpcap and WinPCap as packet capture libraries on Unix and
Windows respectively. The Ethernet frame contains an Ethernet header, with fields such as the media
access control [MAC] address, and up to 1500 bytes [maximum transmission unit
(MTU)] of payload which contains the IP packet made of IP header and IP payload
where the data content lies. The features captured from the pcap interface vary depending
on the protocols carried in the packet. IP addresses are captured in the IP header.
NetFlow Data: NetFlow was originally a router feature by Cisco that makes it possible to
collect IP network traffic as it enters or leaves the network equipment. In version 5,
a NetFlow flow is defined as a unidirectional sequence of packets that share the exact same
seven packet attributes: ingress interface, source IP address, destination IP address, IP
protocol, source port, destination port, and IP type of service. NetFlow data include a
compressed and preprocessed version of the actual network packets.
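The flow definition above, as an added example that is not part of the original paper: packets are grouped by the seven key attributes, and flows without any traffic in the opposite direction are listed. The packet summaries, dictionary field names and addresses are constructed for illustration.

```python
# The seven NetFlow v5 key attributes listed in the text (field names are assumed).
KEY_FIELDS = ("in_if", "src_ip", "dst_ip", "proto", "src_port", "dst_port", "tos")


def pkt(ts, in_if, src_ip, src_port, dst_ip, dst_port, proto, tos, size):
    """Build one packet summary (timestamp in seconds, size in bytes)."""
    return {"ts": ts, "in_if": in_if, "src_ip": src_ip, "src_port": src_port,
            "dst_ip": dst_ip, "dst_port": dst_port, "proto": proto,
            "tos": tos, "size": size}


# Constructed sample: an HMI polling a PLC over Modbus/TCP (port 502), one packet
# of the same connection carrying a different ToS value, and one-way UDP traffic.
PACKETS = [
    pkt(0.00, 1, "10.0.5.21", 49152, "10.0.9.2", 502, 6, 0, 66),
    pkt(0.01, 2, "10.0.9.2", 502, "10.0.5.21", 49152, 6, 0, 66),
    pkt(0.02, 1, "10.0.5.21", 49152, "10.0.9.2", 502, 6, 0, 78),
    pkt(0.03, 2, "10.0.9.2", 502, "10.0.5.21", 49152, 6, 0, 75),
    pkt(0.50, 1, "10.0.5.21", 49152, "10.0.9.2", 502, 6, 184, 78),
    pkt(1.00, 1, "10.0.5.77", 40000, "10.0.9.2", 161, 17, 0, 90),
    pkt(1.20, 1, "10.0.5.77", 40000, "10.0.9.2", 161, 17, 0, 90),
]


def flow_key(packet):
    """The seven-attribute tuple that identifies a unidirectional flow."""
    return tuple(packet[f] for f in KEY_FIELDS)


def aggregate(packets):
    """Group packets into flows and keep per-flow counters."""
    flows = {}
    for p in packets:
        rec = flows.setdefault(
            flow_key(p),
            {"packets": 0, "bytes": 0, "first": p["ts"], "last": p["ts"]},
        )
        rec["packets"] += 1
        rec["bytes"] += p["size"]
        rec["first"] = min(rec["first"], p["ts"])
        rec["last"] = max(rec["last"], p["ts"])
    return flows


def has_reverse(key, flows):
    """True if some flow runs the opposite way between the same endpoints.

    The ingress interface and ToS can differ on the return path, so only the
    addresses, the protocol and the swapped ports are compared.
    """
    _, src_ip, dst_ip, proto, src_port, dst_port, _ = key
    return any(
        (k[1], k[2], k[3], k[4], k[5]) == (dst_ip, src_ip, proto, dst_port, src_port)
        for k in flows
    )


def one_way_flows(flows):
    """Keys of flows that never saw an answer, a common flow-level IDS feature."""
    return [k for k in flows if not has_reverse(k, flows)]


if __name__ == "__main__":
    table = aggregate(PACKETS)
    for key, rec in table.items():
        print(key, rec)
    print("one-way:", one_way_flows(table))
```

The request and the response of one connection end up in two separate flows, and the packet with a different type of service opens a third one even though its addresses and ports are unchanged.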
Kernel level data: the kernel is the core of a computer’s operating system. It handles
requests from applications, sends instructions to the central processing unit, allocates
computing resources, and manages memory and peripherals. Kernel level data can be
analyzed to provide evidence of attacks on the endpoint. The analysis would be specific
to the type of operating system monitored. Kernel behavior analysis can be performed
based on expert rules, statistical approaches or DM/ML techniques. It could rely on endpoint
detection and response (EDR) agents or Host IDS (HIDS). An interesting field of
investigation is the correlation of alerts raised by network level and
kernel level IDS.
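One way to picture the correlation of network level and kernel level alerts mentioned here and in the HIDS/NIDS orchestration discussion of Sect. 5.1, as an added example that is not part of the original paper: alerts from both sources are joined on the monitored host within a time window. The alert fields, texts, addresses and the 120-second window are constructed assumptions, not the schema of any product.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=120)  # assumed correlation window

# Constructed alerts; "host" is the endpoint the alert concerns.
NIDS_ALERTS = [
    {"ts": "2021-02-04T10:00:05", "host": "10.0.5.21", "alert": "unusual Modbus write burst"},
    {"ts": "2021-02-04T10:30:00", "host": "10.0.5.40", "alert": "port scan"},
]
HIDS_ALERTS = [
    {"ts": "2021-02-04T10:01:10", "host": "10.0.5.21", "alert": "unexpected system call sequence"},
    {"ts": "2021-02-04T11:15:00", "host": "10.0.5.21", "alert": "new kernel module loaded"},
    {"ts": "2021-02-04T10:45:00", "host": "10.0.5.33", "alert": "unexpected system call sequence"},
]


def load_alerts(alerts, source):
    """Copy the alerts, tag their source and parse the timestamps."""
    return [dict(a, source=source, t=datetime.fromisoformat(a["ts"])) for a in alerts]


def correlate(nids_alerts, hids_alerts, window=WINDOW):
    """Pair each network alert with host alerts on the same endpoint within the window.

    Returns corroborated incidents (seen by both sources) and the remaining
    single-source alerts, which an analyst would rank lower.
    """
    nids = load_alerts(nids_alerts, "NIDS")
    hids = load_alerts(hids_alerts, "HIDS")

    hids_by_host = {}
    for alert in hids:
        hids_by_host.setdefault(alert["host"], []).append(alert)

    corroborated, matched = [], set()
    for net in nids:
        nearby = [h for h in hids_by_host.get(net["host"], [])
                  if abs(h["t"] - net["t"]) <= window]
        if nearby:
            matched.add(id(net))
            matched.update(id(h) for h in nearby)
            corroborated.append({
                "host": net["host"],
                "network_alert": net["alert"],
                "host_alerts": [h["alert"] for h in nearby],
                "max_gap_s": max(abs(h["t"] - net["t"]).total_seconds() for h in nearby),
            })

    single = [(a["source"], a["host"], a["alert"])
              for a in nids + hids if id(a) not in matched]
    return {"corroborated": corroborated, "single_source": single}


if __name__ == "__main__":
    result = correlate(NIDS_ALERTS, HIDS_ALERTS)
    for incident in result["corroborated"]:
        print("corroborated:", incident)
    for alert in result["single_source"]:
        print("single source:", alert)
```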

Appendix A.2: Public data sets for IDS training and testing

ML/DM methods require vast amounts of data, in most cases labeled, in any case representative
of real network traffic and free to use. Data collection is a painful step. Network
data are usually subject to confidentiality and privacy issues. This is particularly the
case of OT networks which usually bear company or utility confidential data. A comparison
of performance in intrusion detection between two projects is only valid if they use the
same data set. For those reasons, public data sets have been collected and shared across the
research community.

– DARPA 1998 (Lippmann et al. 2000): this data set was created by the Lincoln Laboratory
from Massachusetts Institute of Technology in 1998 to support an offline evaluation
of IDS on network traffic and audit logs collected on a simulation network.
– DARPA 1999 (Lippmann et al. 2000): also created by the Lincoln Laboratory, this
data set contained three weeks of training data among which only the second week
contained a selected subset of attacks from the 1998 evaluation in addition to several
new attacks. In 1999, intrusion detection systems were tested as part of an off-line
evaluation, a real time evaluation or both.
– KDD 1999 (Stolfo 1999): the NSL-KDD corrects a number of discrepancies found
in KDD 1999. It has been used for The Third International Knowledge Discovery
and Data Mining Tools Competition, which was held in conjunction with KDD-99.
– CICIDS2017 (Sharafaldin et al. 2018): probably the most up to date public data set
for NIDS training and testing. It contains benign and the most up-to-date common
attacks. It also includes the results of the network traffic analysis using a network
traffic flow generator with labeled flows based on the time stamp, source and destina-
tion IPs, source and destination ports, protocols and attack. The implemented attacks
include Brute Force FTP, Brute Force SSH, DoS, Heartbleed, Web Attack, Infiltration,
Botnet and DDoS within 5 days of traffic.
– ADFA data sets (2013–2014): the ADFA data sets provide kernel level data for
HIDS training and testing. The ADFA Linux Dataset (ADFA-LD) (Creech and Hu
2014, 2013) provides a contemporary Linux dataset while ADFA Windows Dataset
(ADFA-WD) (Creech 2014) provides representative Windows kernel data. A Stealth
Attacks Addendum (ADFA-WD:SAA) (Creech 2014) contains stealth attack traces
for evaluation in conjunction with the ADFA-WD (Creech 2014).
– MODBUS data sets (2014) (Morris and Gao 2014): 4 data sets were developed by
Thomas Morris and Wei Gao in a project entitled “Industrial Control System Traffic
Data Sets for Intrusion Detection Research”. They include network traffic, process
control and process measurement features from two laboratory-scale SCADA sys-
tems. They were generated from network flow records captured with a serial port
data logger in a laboratory environment. They contain transactions from a gas pipe-
line system and a water storage tank system. A set of 28 attacks were grouped into
four categories: reconnaissance, response injection, command injection and denial-
of-service attacks. Although MODBUS is a particular SCADA protocol, the authors
claim their data sets are relevant to a wide variety of SCADA systems and would
apply to other than pipeline or water storage ICS.

The DARPA, KDD and CICIDS2017 data sets contain network level and kernel level
data representative of IT networks and appropriate for training and testing of generic
NIDS. They may contain useful data for OT IDS but would not address the
specificities of such environments. They are however useful to assess IDS performance
as they are widely used and thus form a potential reference for comparison of perfor-
mances. The ADFA data set is dedicated to HIDS training and testing. It is useful to
work on detection of industrial endpoint

– The CIDDS-001 (Coburg Intrusion Detection Data Set), disclosed by Markus Ring
et al. in [8], contains about four weeks of network traffic from two different environ-
ments, an emulated small business environment (OpenStack) and an External Server
that captured real and up-to-date traffic from the internet. The OpenStack environ-
ment includes several clients and typical servers like an E-Mail server or a Web
server. The dataset contains labeled flow-based data that can be used to evaluate
anomaly-based network intrusion detection systems considering normal activity as
well as DoS, Brute Force, Ping Scans and Port Scan attacks. The collection of data
provided by the CIDDS-001 dataset is represented in a NetFlow format. NetFlow is
a feature of Cisco routers that allows the collection of IP network traffic as it enters
or exits an interface.


Appendix B: Open source OT IDS solutions

There are three major open source NIDS currently available for ICS/SCADA: Snort, Suricata
and Bro.

– Snort is the oldest and most famous NIDS. It is a signature-based NIDS owned by
Sourcefire. It is widely used by all types of organizations (large companies, SMEs, research labs,
governmental organizations). In addition, this solution is supported by a huge community
of users and developers. When interest in ICS/SCADA emerged, Snort was an obvious
choice for attempting to adapt an IT-related IDS to ICS/SCADA needs. It remains the most
studied NIDS, including in the ICS/SCADA domain, and Snort comes with a large set of
SCADA-oriented rules.
  The work performed by Digital Bond since 2009 on SCADA IDS is probably the most
cited. It deals with ready-to-use rules for Snort and Suricata. Thus, if one wants to create
his/her own solution, it is quite simple to build a system able to detect malicious packets.
– Suricata Developed by the OISF (Open Information Security Foundation), Suricata is
a signature-based IDS and a competitor of Snort. The main advantage of Suricata is the easy
integration of Snort rules. Suricata is multi-threaded, Snort is not. It is not necessarily
an advantage. Suricata is more scalable but may require more resources, even if a study
states that Suricata does its job at least as well as Snort. However, the level of maturity is
lower and the Suricata community is smaller than that of Snort. Suricata is trickier
to use than Snort as well. It is worth mentioning that the French national cyber security
agency (ANSSI) officially supports Suricata as an IDS adapted to critical infrastructures.
The Suricata project is quite dynamic: a version is released every 2 or 3 months.
– Bro Presented in 1999 by V. Paxson, Bro is not restricted to any particular detection
approach and does not rely on traditional signatures. Bro’s detection principle is thus
completely different from Snort’s. As a consequence, it may be more efficient than Snort
on some types of intrusion. Additionally, it embeds a capacity of network flow analysis
(including performance measurements). However, Bro is less used than Snort, probably
because it does not have any graphical user interface and has to be fully configured in
command line mode. Furthermore, it only runs on Linux, FreeBSD and Mac OS X operating
systems. Despite these limitations, it remains widely used by academics.

Appendix B.1: Synthesis on Open source IDS solutions

Snort benefits from a large support by the community. It is integrated with many other
systems (e.g., rule providers, SIEM) and add-ons make it adaptable to many usages (IT and OT).
Suricata—the Snort challenger—is scalable but requires extensive computing resources. Bro
is an IDS mostly used by academics and would require a lot of effort to make it usable in an
operational environment.

Appendix C: Vendor OT IDS solutions

Many commercial solutions use one or several frameworks coming from the above-mentioned
open source tools. Still the effectiveness of IDS solutions highly relies on the capacity
of a company to write relevant rules, and to analyze customer architecture and needs.
The analysis of vendor solutions below results from an assessment carried out by Airbus
Defence and Space Cybersecurity based on an analysis of product documentation and
vendor questionnaires.

Appendix C.1: Signature‑based IDS

Most signature-based IDS are originally designed for IT security. The following three
products have been shortlisted for their applicability to ICS/SCADA environments. Many
other IDS exist on the market which however do not equally match the specific
requirements of OT environments.

– Cisco IPS, Firepower, is a signature-based and agent-less solution that embeds
SCADA-related rulesets. The IPS uses deep packet inspection (DPI) to detect attacks. The
detection process starts by normalizing received packets and continues with parallel
inspection at various levels (e.g., IP headers, TCP payloads). Signatures are built from
vulnerability bulletins, provided an exploit is known. More than 35,000 vulnerability-focused
rules are available. As an IPS, Firepower manages a prevention policy and especially one
dedicated to industrial protocols (e.g., Modbus, ICCP).
– Fortinet proposes an IPS solution embedded in its firewall offering, FortiGate. There is
a specific range adapted to industrial environments, meaning appliances are designed
to withstand temperature constraints (very low, very high, variations), vibrations, etc.
Additionally, Fortinet proposes a range of security solutions such as switches, web
analyzers and central managers for industry-focused cyber security. FortiGate IPS is a
signature-based IPS. It supports BACnet, DLMS/COSEM, DNP3, EtherCAT, ICCP,
IEC-60870.5.104, Modbus/TCP, OPC, PROFINET. A combination of Fortinet and Nozomi
solutions extends this list and provides anomaly detection capacity.
– Leidos Industrial Defender ASM is a US solution, owned by Leidos. It is a cyber security
solution that includes asset discovery and management, compliance monitoring,
reporting and security event monitoring. The solution relies on a three-tier architecture
with a manager (ASM), local appliances (ASA) and a signature-based NIDS. In terms
of protocols, the NIDS supports Modbus, TCP, DNP3, Profibus, ODVA Ethernet/IP,
and ICCP, and generates alarms that are sent to the ASM for logging and diagnosis.
The amount of available rules makes it very likely that the NIDS is an overlay of an
existing NIDS (such as Snort). However, Leidos mentions that they create specific rules
from the typical ICS attacks. Even if the solution is very promising with its exhaustive
approach, it is closely linked with the US government, which may be a reason for it to be
rejected for monitoring of critical infrastructures in Europe.

Appendix C.2: Anomaly‑based IDS

Because state of the art ICS are so predictable in their behavior and employ specific and
simple protocols, most existing OT IDS rely on anomaly detection. The following are
examples selected among the most well-known anomaly-based industrial security products.

– Claroty is an Israeli company founded in 2016, with headquarters based in the US and
a research and development staff based in Israel. The Claroty company proposes a set
of components fully dedicated to cyber security of industrial networks. Within their
OT security platform, the Enterprise Management component collects events from the
monitoring virtual appliance to build dashboards and send alert data to external systems
such as SIEMs, log managers and ticket request systems. The network anomaly-based
detection (deterministic and behavioural models) is performed in a passive mode with
DPI, using a span port (no agents) or connecting to sensors on serial networks. Both
serial and Ethernet networks can be monitored. Raised events are linked to assets (e.g.,
PLCs, HMIs) modelled in Claroty’s knowledge base. Along with network intrusion
detection, Claroty provides change monitoring based on commands observed on
the network. A large range of IT and OT protocols are supported. Focusing on industrial
protocols: Modbus, Siemens S7/S7-Plus, Siemens P2, EtherNet/IP + CIP, PCCC/CPSv4,
GE SRTP, VNet/IP, Emerson Ovation DCS protocols, Emerson DeltaV DCS
protocols, Melsec/Melsoft, FTE, ABB 800xA DCS protocols, MMS (including ABB
extension), Sattbus, OPC DA/AE/UA, IEC104, DNP3, Profinet-DCP, and Bacnet.
– Indegy Founded in 2014, Indegy is an Israeli company. Indegy provides an ICS Cyber
Security Platform that detects changes to controller logic, configuration, firmware and
state. The anomaly-based Indegy IDS includes a DPI (Deep Packet Inspection) engine
that focuses on control-layer events. The full list of supported protocols is not publicly
available: only Modbus and DNP3 are mentioned. Even if not detailed, the approach is based on
technical asset discovery (devices, configuration and state) and addresses multi-site
contexts. Sensors are deployed on sites, and the analysis is made at a single point by a
centralized analyzer.
– SecurityMatters is a Dutch company founded in 2009 that develops the SilentDefense
solution, a hybrid IDS. This solution provides automatic asset and network flows
discovery. This information is used by the anomaly-based engine. The SilentDefense DPI
engine comes with more than 800 rules. It detects cyber attacks and network
misconfiguration. The solution supports many ICS and IT protocols. Focusing on industrial
protocols (excluding proprietary protocols): BACnet, DNP3, EtherNet/IP + CIP,
Foundation Fieldbus HSE, IEC 60870-5-101/104, ICCP TASE.2, IEC 61850 (MMS, GOOSE,
SV), IEEE C37.118 (Synchrophasor), Modbus/TCP, OPC-DA, OPC-AE, PROFINET
(RPC, RTC, RTA, DCP and PTCP). The SilentDefense architecture is based on sensors
connected to the SPAN/mirroring port of network switches, and a Command Center
that performs a central analysis, provides visualizations and connects to external
systems such as a SIEM.
– Sentryo is a French company founded in 2014. ICS CyberVision is the solution
developed by Sentryo. It includes asset inventory and network analysis through a DPI engine.
Sentryo CyberVision supports a wide range of industrial protocols and the main IT
protocols. Focusing on industrial protocols: Modbus, OPC-DA/UA, IEC 61850,
EtherNet/IP + CIP, PROFINET and Siemens S7. Sentryo performed a PoC on a railway
infrastructure use case with a railway-related manufacturer, specifically on signalling and
control-command. They added support for specific protocols from this manufacturer
and implemented some threat scenarios (no details provided on these scenarios).
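
The predictability argument that opens this appendix can be made concrete with a small allow-list detector for Modbus/TCP: learn which sessions and function codes occur during normal operation, then flag anything else. This is an added example, not code from the paper or from any product listed above; the host addresses, frames and alert names are constructed for illustration.

```python
"""Allow-list anomaly detection for Modbus/TCP.

Added illustration: hosts, frames and alert names are constructed, not taken
from the paper or from any product.
"""
import struct
from collections import namedtuple

# Standard Modbus function codes that change device state.
WRITE_FUNCTIONS = {5, 6, 15, 16, 22, 23}

Frame = namedtuple("Frame", "src dst unit function is_exception")


def build_adu(tid, unit, pdu):
    """Build a Modbus/TCP ADU: 7-byte MBAP header followed by the PDU."""
    # The MBAP length field counts the unit identifier plus the PDU.
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


def parse_adu(src, dst, payload):
    """Return a Frame, or None when the MBAP header is inconsistent."""
    if len(payload) < 8:  # MBAP header plus at least the function code
        return None
    _tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    if proto != 0 or length != len(payload) - 6:
        return None
    code = payload[7]
    # The high bit of the function code marks an exception response.
    return Frame(src, dst, unit, code & 0x7F, bool(code & 0x80))


class ModbusBaseline:
    """Learns which (client, server, unit) sessions use which function codes."""

    def __init__(self):
        self.sessions = set()
        self.functions = set()

    def learn(self, src, dst, payload):
        frame = parse_adu(src, dst, payload)
        if frame is None:
            return False  # never learn from malformed traffic
        self.sessions.add((frame.src, frame.dst, frame.unit))
        self.functions.add((frame.src, frame.dst, frame.unit, frame.function))
        return True

    def check(self, src, dst, payload):
        """Return the list of alerts raised by one observed frame."""
        frame = parse_adu(src, dst, payload)
        if frame is None:
            return ["malformed-frame"]
        alerts = []
        if (frame.src, frame.dst, frame.unit) not in self.sessions:
            alerts.append("new-session")
        elif (frame.src, frame.dst, frame.unit, frame.function) not in self.functions:
            alerts.append("new-function")
        # A write that was never seen during learning deserves its own alert.
        if alerts and frame.function in WRITE_FUNCTIONS:
            alerts.append("unlearned-write")
        return alerts


def run_demo():
    """Learn a polling baseline, then score constructed frames against it."""
    hmi, plc, unknown = "10.0.0.10", "10.0.0.20", "10.0.0.99"
    read_regs = b"\x03\x00\x00\x00\x0a"   # read holding registers, 10 registers
    read_coils = b"\x01\x00\x00\x00\x08"  # read coils, 8 coils
    write_reg = b"\x06\x00\x01\x00\xff"   # write single register

    baseline = ModbusBaseline()
    for tid, pdu in enumerate([read_regs, read_coils, read_regs]):
        baseline.learn(hmi, plc, build_adu(tid, 1, pdu))

    return {
        "learned poll": baseline.check(hmi, plc, build_adu(10, 1, read_regs)),
        "write from known client": baseline.check(hmi, plc, build_adu(11, 1, write_reg)),
        "read from unknown host": baseline.check(unknown, plc, build_adu(12, 1, read_regs)),
        "read on unlearned unit": baseline.check(hmi, plc, build_adu(13, 2, read_regs)),
        "truncated frame": baseline.check(hmi, plc, build_adu(14, 1, read_regs)[:-2]),
    }


if __name__ == "__main__":
    for label, alerts in run_demo().items():
        print(f"{label:26s} {alerts or 'no alert'}")
```

The learning phase has to cover every legitimate operating mode (start-up, maintenance, shutdown); anything it misses is reported as an anomaly later.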

Appendix C.3: Hybrid IDS

The following IDS products typically mix signature-based and anomaly-based approaches in
an attempt to gather the advantages of both detection techniques.
– Cyberbit Founded in 2015, Cyberbit is an Israeli company, vendor of the SCADAShield
and EDR solutions. The offering is very close to the one from Claroty: intrusion detection,
change monitoring, asset discovery and SIEM interface. Detection capabilities include
deep packet inspection (DPI), whose results are used in the investigation phase. The EDR
detection engine is not very well detailed. Cyberbit mentions an automated blacklisting and
whitelisting capability to detect abnormal situations.
– Cypres This French solution comes from a research project funded by the EU, led by
FPC Ingénierie and with Netceler, two SMEs specialized in industrial automation, software
development and cyber security. This non-intrusive solution is dedicated to ICS/SCADA
networks. Intrusions are detected by rule-based IDS probes. Cypres probes can also detect
non-legitimate machines and protocols. Rules are contextualized, meaning they take the
system state and ongoing operations into consideration. Contexts are acquired through a
learning process. Another type of rules is based on a heuristic engine that checks
anomalies of processes, depending on the replicability of the process controls. The project is still
ongoing. Since this solution has been deployed in the frame of proof of concept (PoC)
only, it probably lacks maturity. However, no PoC has been performed on the railway
domain so far.
– Nozomi Nozomi is a Swiss company founded in 2013, with headquarters in the USA.
Nozomi is the vendor of the SCADAGuardian solution. This solution includes a network
IDS, a process anomaly detection system and a cyber risk evaluation system. The IDS
relies on a signature-based DPI engine. The solution is designed to address multi-site
security monitoring and includes a Central Management Console (CMC) to aggregate from
multiple sites and centralize the cyber security awareness. The solution supports many
ICS and IT protocols. Focusing on industrial protocols: Aspentech Cim/IO, BACnet,
Beckhoff ADS, BSAP IP, CEI 79-5/2-3, COTP, DNP3, Enron Modbus, EtherCAT,
EtherNet/IP - CIP, Foundation Fieldbus, Generic MMS, GOOSE, Honeywell, IEC 60870-5-7
(IEC 62351-3 + IEC 62351-5), IEC 60870-5-104, IEC-61850 (MMS, GOOSE, SV), IEC
DLMS/COSEM, ICCP, Modbus/TCP, MQTT, OPC, PI-Connect, Profinet/DCP,
Profinet/IO CM, Profinet/RT, Sercos III, Siemens S7, Vnet/IP. Nozomi provides an SDK that enables
a customer to extend support for new protocols. SCADAShield comes in more than 10
appliance versions (physical or virtual). It is worth mentioning that the technical
documentation publicly available on SCADAShield is very detailed and clear, which is usually not
the case for its competitors.
– Radiflow Radiflow is an Israeli company founded in 2009. The solution developed
by Radiflow for SCADA networks is iSID. The iSID solution embeds an anomaly-based
detection engine. The change monitoring process relies on the knowledge of the existing
assets along with used protocols and sessions. To get this knowledge, an asset topology
discovery capacity has been implemented. The learning process makes the iSID solution able
to detect any change in the network topology such as new sessions. A DPI system relying
on a set of rules analyses the network traffic to detect any policy violations. The list of
supported protocols is not publicly available. Some papers and datasheets mention:
Modbus, DNP3, IEC-104 and 61850. The iSID solution also manages vulnerabilities by both
active and passive scans. Their signature-based Cyber Attack module then uses this
information to detect any vulnerability exploitation by an attacker. Incident response is managed
through an interface with the Radiflow security gateway: iSID is able to push policy
modifications into the Radiflow security gateway.

Appendix C.4: Synthesis

The table below summarizes the characteristics of IDS solutions described in the previous
sections. No solutions have been evaluated in a testbed. That is why there is no information
about their performance and reliability. The performance metrics provided by the vendors
are not considered relevant for an objective comparison. Detection rates and false positive
rates highly depend on the data sets used for evaluation and the training method (in the
case of ML-based detection) or the human experts involved in rule edition (in the case of
misuse detection). To date there is no agreed international standard for assessment
of detection performance. Existing certification frameworks for IDS focus on assessing
the protective functions. While such a technical assessment would surely be of interest, it
would require significant resources and the cooperation of product vendors.

References
Adadi A, Berrada M (2018) Peeking inside the black-box: a survey on explainable artificial intelligence
(XAI). IEEE Access 6:52138–52160
Aickelin U, Greensmith J, Kim J, Bentley PJ, Twycross J Tedesco (2007) Immune system approaches to
intrusion detection—a review. Nat Comput 413–466
Althubiti SA, Jones EM, Roy K (2018) LSTM for anomaly-based network intrusion detection. In: 2018 28th
International telecommunication networks and applications conference (ITNAC), pp 1–3
Alzantot M, Sharma Y, Chakraborty S, Zhang H, Hsieh C-J, Srivastava M (2018) Genattack: practical
black-box attacks with gradient-free optimization
Amor NB, Benferhat S, Elouedi Z (2004) Naive bayes vs decision trees in intrusion detection systems. In:
Proceedings of the 2004 ACM symposium on applied computing, SAC’04. ACM, New York, pp
420–424
Anderson R, Fuloria S (2010) Who controls the off switch? In: 1st IEEE international conference on smart
grid communications. IEEE, Los Alamitos, pp 96–101
Anderson D, Frivold T, Valdes A (1995) Next-generation intrusion detection expert system (NIDES) a
summary
Anderson HS, Woodbridge J, Filar B (2016) DeepDGA: adversarially-tuned domain generation and detec-
tion. In: Proceedings of the 2016 ACM workshop on artificial intelligence and security. ACM, New
York, pp 13–21
ANSSI ICS Working Group (2014) Managing cybersecurity of industrial control systems
Autodesk (2015) Autodesk and airbus show the future of aerospace design and manufacture in pioneering
generatively designed 3d printed partition. Accessed 3 June 2019
Axelsson S (2000) Intrusion detection systems: a survey and taxonomy. Technical report
Bahnsen AC, Torroledo I, Camacho D, Villegas S (2018) DeepPhish: simulating malicious AI. In: Proceed-
ings of the 2018 APWG symposium on electronic crime research (eCrime’18), pp 1–8
Balu A, Lore KG, Young G, Krishnamurthy A, Sarkar S (2016) A deep 3d convolutional neural network
based design for manufacturability framework
Baryannis G, Validi S, Dani S, Antoniou G (2018) Supply chain risk management and artificial
intelligence: state of the art and future research directions. Int J Prod Res 57(7):2179–2202.
https://doi.org/10.1080/00207543.2018.1530476
Bechtsis D, Tsolakis N, Vlachos D, Srai JS (2018) Intelligent autonomous vehicles in digital supply chains:
a framework for integrating innovations towards sustainable value networks. J Clean Prod 181:60–71
Biggio B, Roli F (2018) Wild patterns: ten years after the rise of adversarial machine learning. Pattern Rec-
ognit 84:317–331
Bilge L, Kirda E, Kruegel C, Balduzzi M (2011) Exposure: finding malicious domains using passive DNS
analysis
Bilge L, Balzarotti D, Robertson W, Kirda E, Kruegel C (2012) Disclosure: detecting botnet command
and control servers through large-scale netflow analysis. In: ACSAC, 28th annual computer security
applications conference, December 3–7. Orlando, Florida, USA, Orlando, UNITED STATES
Breiman L (1996) Bagging predictors. Mach Learn 24(2):123–140
Breiman L (2001) Random forests. Mach Learn 45(1):5–32
Brundage M, Avin S, Clark J, Toner H, Eckersley P, Garfinkel B, Dafoe A, Scharre P, Zeitzoff T, Filar
B, Anderson H, Roff H, Allen GC, Steinhardt J, Flynn C, ÓhÉigeartaigh S, Beard S, Belfield H,
Farquhar S, Lyle C (2018) The malicious use of artificial intelligence: forecasting, prevention, and
mitigation
Buczak AL, Guven E (2016) A survey of data mining and machine learning methods for cyber security
intrusion detection. IEEE Commun Surv Tutor 18(2):1153–1176
Çaliş B, Bulkan S (2013) A research survey: review of AI solution strategies of job shop scheduling
problem. J Intell Manuf 26(5):961–973. https://doi.org/10.1007/s10845-013-0837-8
Choi S, Jung K, Noh SD (2015) Virtual reality applications in manufacturing industries: past research,
present findings, and future directions. Concurr Eng 23(1):40–63
Chung K, Kalbarczyk ZT, Iyer RK (2019) Availability attacks on computing systems through alteration
of environmental control: smart malware approach. In: Proceedings of the 10th ACM/IEEE inter-
national conference on cyber-physical systems. ACM, New York, pp 1–12
Cohen G (1989) Using AI techniques to optimize manufacturing shop-floor operations. Eng Appl Artif
Intell 2(3):238–246
Creech G (2014) Developing a high-accuracy cross platform host-based intrusion detection system capa-
ble of reliably detecting zero-day attacks
Creech G, Hu J (2013) Generation of a new ids test dataset: time to retire the KDD collection, pp
4487–4492
Creech G, Hu J (2014) A semantic approach to host-based intrusion detection systems using
contiguous and discontiguous system call patterns. IEEE Trans Comput 63:807–819, 04
Culp C, Haberl J, Norford L, Brothers PW, Hall JD (1990) The impact of AI technology within the
HVAC industry. ASHRAE J (Am Soc Heat Refrig Air-Conditioning Eng) (USA) 32(12):12–22
Cunningham P, Delany SJ (2007) k-nearest neighbour classifiers: 2nd edition.
https://arxiv.org/2004.04523
Czimmermann T, Ciuti G, Milazzo M, Chiurazzi M, Roccella S, Oddo CM, Dario P (2020) Visual-based
defect detection and classification approaches for industrial applications—a survey. Sensors
Debar H, Didier S, Becker M (1992) A neural network component for an intrusion detection system
Deutsches Institut für Normung eV (2016) Reference architecture model industrie 4.0 (RAMI4.0)
Dharmapurikar S, Lockwood JW (2006) Fast and scalable pattern matching for network intrusion detec-
tion systems. IEEE J Sel A Commun 24(10):1781–1792
Domb M, Bonchek-Dokow E, Leshem G (2016) Lightweight adaptive random-forest for IoT rule genera-
tion and execution. J Inf Secur Appl
Donlon M (2016) Machine learning in hvac controls.
http://automatedbuildings.com/news/jun16/articles/computrols/160525111606computrols.html.
Accessed 3 June 2019
Eisenstein PA (2017) European car plants halted by WannaCry ransomware attack.
https://www.nbcnews.com/business/autos/european-car-plants-halted-wannacry-ransomware-attack-n759496.
Accessed 10 May 2020
Emanuilov I (2017) Autonomous systems in aviation: between product liability and innovation
Ertoz L, Eilertson E, Lazarevic A, Tan P, Srivava J, Kumar V, Dokas P (2004) Minds—minnesota intru-
sion detection system. In: Next generation data mining. MIT Press, Boston
European commission—digital transformation monitor “Germany: Industry 4.0” (2017).
https://ec.europa.eu/growth/tools-databases/dem/monitor/sites/default/files/DTM_Industrie%204.0.pdf
European Commission (2009) European machinery directive. Accessed 3 June 2019
Factories of the Future PPP (2020). Strategic multi-annual roadmap.
https://www.effra.eu/sites/default/files/factories_of_the_future_2020_roadmap.pdf
Freund Y, Schapire RE (1997) A decision-theoretic generalization of on-line learning and an application
to boosting. J Comput Syst Sci 55(1):119–139
Fuente J, Saludes S (2000) Fault detection and isolation in a non-linear plant via neural networks, pp
463–468
Fuller A, Fan Z, Day C, Barlow C (2019) Digital twin: enabling technologies, challenges and open
research. arXiv e-prints
Gacek S (2012) CNC machine group scheduling methods in a multitasking system. In: Proceedings of
Carpathian logistics congress 2012, Jesenik, Czech Republic
Gao D, Reiter MK, Song D (2006) Behavioral distance measurement using hidden Markov models.
In: Proceedings of the 9th international conference on recent advances in intrusion detection,
RAID’06. Springer, Berlin, pp 19–40
Gau J, Evans R (2016) DeepMind AI reduces google data centre cooling bill by 40 percent
Gharibian F, Ghorbani A (2007) Comparative study of supervised machine learning techniques for intru-
sion detection, pp 350–358
Gonzalez FA (2003) A study of artificial immune systems applied to anomaly detection. PhD thesis.
AAI3092441
Goodfellow IJ, Pouget-Abadie J, Mirza M, Xu B, Warde-Farley D, Ozair S, Courville A, Bengio Y
(2014) Generative adversarial nets. In: Proceedings of the 27th international conference on neural
information processing systems, NIPS’14, vol 2. MIT Press, Cambridge, pp 2672–2680
Granzer W, Praus F, Kastner W (2010) Security in building automation systems. IEEE Trans Ind Elec-
tron 57:3622–3630
Grapentin A, Plauth M, Polze A (2017) MemSpaces: Evaluating the tuple space paradigm in the context of
memory-centric architectures. In: 2017 Fifth international symposium on computing and networking
(CANDAR), pp 284–290
Grewal G, Areibi S, Westrik M, Abuowaimer Z, Zhao B (2017) A machine learning framework for FPGA
placement (abstract only). In: Proceedings of the 2017 ACM/SIGDA international symposium on
field-programmable gate arrays, FPGA’17. ACM, New York, pp 286–286
Hinton G, Sejnowski T (1999) Unsupervised learning: foundations of neural computation. MIT Press,
Cambridge
Hitaj B, Gasti P, Ateniese G, Perez-Cruz F (2017) Passgan: a deep learning approach
Hu W, Tan Y (2017) Generating adversarial malware examples for black-box attacks based on GAN
Hu W, Liao Y, Vemuri VR (2003) Robust support vector machines for anomaly detection in computer secu-
rity. In: Proceedings of the 2003 international conference on machine learning and applications—
ICMLA 2003, June 23–24, 2003, Los Angeles, California, USA, pp 168–174
Hu W, Hu W, Maybank S (2008) Adaboost-based algorithm for network intrusion detection. Trans Syst Man
Cybern Part B 38(2):577–583
Humayed A, Lin J, Li F, Luo B (2017) Cyber-physical systems security—a survey. IEEE Internet Things J
4(6):1802–1831
Hutchins EM, Cloppert MJ, Amin RM (2011) Intelligence-driven computer network defense informed by
analysis of adversary campaigns and intrusion kill chains. Lead Issues Inf Warf Secur Res 1(1): 80
Ilgun K, Kemmerer RA, Porras PA (1995) State transition analysis: a rule-based intrusion detection
approach. IEEE Trans Softw Eng 21(3):181–199
Jemili F, Zaghdoud M, Ahmed MB (2007) A framework for an adaptive intrusion detection system using
Bayesian network, pp 66–70
Jensen F, Nielsen TD (2007) Bayesian networks and decision graphs, 2nd edn. Springer Publishing Com-
pany, Incorporated, Berlin
Ji W, Wang L (2017) Big data analytics based fault prediction for shop floor scheduling. J Manuf Syst
43(Part 1):187–194
Kalajdzic K, Jegourel C, Bartocci E, Legay A, Smolka S, Grosu R (2015) Model checking as control: feed-
back control for statistical model checking of cyber-physical systems
Kaloudi N, Li J (2020) The AI-based cyber threat landscape: a survey. ACM Comput Surv 53(1), Article 20
Karami A, Guerrero-Zapata M (2015) A fuzzy anomaly detection system based on hybrid PSO-Kmeans
algorithm in content-centric networks. Neurocomputing 149:1253–1269, 02
Kirat D, Jang J, Stoecklin M (2018) Deeplocker—concealing targeted attacks with AI locksmithing. In: Pro-
ceedings of the black hat USA conference
Knowles W, Prince D, Hutchison D, Diss JP, Jones K (2015) A survey of cyber security management in
industrial control systems. Int J Crit Infrastruct Prot 9
Kolias C, Kambourakis G, Maragoudakis M (2011) Swarm intelligence in intrusion detection: a survey.
Comput Secur 30(8):625–642
Korvesis P (2017) Machine learning for predictive maintenance in aviation. Artificial intelligence[cs.AI]
Kumar K (2017) Intrusion detection and prevention system in enhancing security of cloud environment.
6:2278–1323
Kumar S, Spafford EH (1994) A pattern matching model for misuse intrusion detection. Technical report,
Purdue University
Laura B, Davoli L, Medioli A, Marchini PL, Ferrari G (2019) Toward industry 4.0 with IoT: optimizing
business processes in an evolving manufacturing factory
Lee W, Stolfo SJ (2020) A framework for constructing features and models for intrusion detection
systems. Association for Computing Machinery, New York, pp 227–261.
https://doi.org/10.1145/382912.382914
Lee J-H, Lee J-H, Sohn SG, Ryu JH, Chung Tai-Myoung M (2008) Effective value of decision tree with
KDD 99 intrusion detection datasets for intrusion detection system. In: 2008 10th International con-
ference on advanced communication technology, vol 2, pp 1170–1175
Lee J, Davari H, Singh J, Pandhare V (2018) Industrial artificial intelligence for industry 4.0-based manu-
facturing systems
Li J (2018) Cyber security meets artificial intelligence: a survey. Front Inf Technol Electron Eng 1462–1474
Li B, Hou B, Yu W, Lu X, Yang C (2017) Applications of artificial intelligence in intelligent manufacturing:
a review. Front Inf Technol Electron Eng 18(1):86–96. https://doi.org/10.1631/FITEE.1601885
Lightman S, Abrams M, Hahn A, Stouffer K, Pillitteri V (2015) Guide to industrial control systems (ICS)
security
Lim Y, Ramasamy S, Gardi A, Kistan T, Sabatini R (2017) Cognitive human–machine interfaces and inter-
actions for unmanned aircraft. J Intell Robotic Syst 10
Lin S-W, Miller B, Durand J, Bleakley G, Chigani A, Martin R, Murphy B, Crawford M (2019) The indus-
trial internet of things volume g1: reference architecture. 6
Lippmann RP, Fried DJ, Graf I, Haines JW, Kendall K, Mcclung DM, Weber D, Webster SE, Wyschogrod
D, Cunningham RK, Zissman MA (2000) Evaluating intrusion detection systems: the 1998 DARPA
off-line intrusion detection evaluation
Lippmann R, Haines JW, Fried DJ, Korba J, Das K (2000) The 1999 DARPA off-line intrusion detection
evaluation. Comput Netw 34(4):579–595
Lowe’s Company Incorporated (2016) Lowe’s introduces LoweBot—the next generation robot to enhance
the home improvement shopping experience in the bay area
Lu Y, Xu X (2019) Cloud-based manufacturing equipment and big data analytics to enable on-demand man-
ufacturing services. Robotics Comput Integr Manuf 57:92–102
Ludovic ME (1998) Gassata, a genetic algorithm as an alternative tool for security audit trails analysis. In:
Proceedings of the first international work-shop on the recent advances in intrusion detection
Lunt TF, Jagannathan R (1988) A prototype real-time intrusion-detection expert system. In: Proceedings of
the 1988 IEEE conference on security and privacy, SP’88. IEEE Computer Society, Washington, DC,
pp 59–66
Luo J, Bridges S (2000) Mining fuzzy association rules and fuzzy frequency episodes for intrusion detec-
tion. Int J Intell Syst 15:687–703, 08
Luo Y, Xiao Y, Cheng L, Peng G, Yao DD (2020) Deep learning-based anomaly detection in cyber-physical
systems: progress and opportunities. arXiv:2003.13213
Makkar S, Devi G, Solanki V (2020) Applications of machine learning techniques in supply chain
optimization
Malatras A, Skouloudi C, Koukounas A (2019) Industry 4.0 cybersecurity: challenges & recommendations
Mantere M, Sailio M, Noponen S (2014) A module for anomaly detection in ICS networks. In: Proceedings
of the 3rd international conference on high confidence networked systems, HiCoNS’14. Association
for Computing Machinery, New York, pp 49–56
Mao S, Wang B, Tang Y, Qian F (2019) Opportunities and challenges of artificial intelligence for green
manufacturing in the process industry. Engineering 5(6):2019
Mazini M, Shirazi B, Mahdavi I (2018) Anomaly network-based intrusion detection system using a reliable
hybrid artificial bee colony and AdaBoost algorithms. J King Saud Univ Comput Inf Sci
Moon I, Lee GM, Park J, Kiritsis D, von Cieminski G (2018) Advances in production management systems.
Production management for data-driven, intelligent, collaborative, and sustainable manufacturing. In:
IFIP WG 5.7 international conference, APMS proceedings. Part I, Seoul, Korea, p 2018
Morris T, Gao W (2014) Industrial control system traffic data sets for intrusion detection research. Int Conf
Crit Infrast Prot 441:65–78
Mosli R, Wright M, Yuan B, Pan Y (2019) They might not be giants: crafting black-box adversarial exam-
ples with fewer queries using particle swarm optimization
Mukkamala S, Sung AH, Abraham A (2005) Intrusion detection using an ensemble of intelligent paradigms.
J Netw Comput Appl 28(2):167–182
Nguyen TT, Reddi VJ (2019) Deep reinforcement learning for cyber security. CoRR. arXiv:1906.05799
Nicholas L, Ooi SY, Pang Y-H, Hwang SO, Tan S-Y (2018) Study of long short-term memory in flow-based
network intrusion detection system. J Intell Fuzzy Syst 35:5947–5957
Offshore Engineering (2017) Rosneft, maersk hit by petya cyber attack.
https://www.oedigital.com/news/446237-rosneft-maersk-hit-by-petya-cyber-attack. Accessed 10 May 2020
Otto B, Steinbuß S, International Data Spaces Association (2019) Reference architecture model. Anna-Lou-
isa-Karsch-Str. 210178 Berlin, Germany
Pagnoni A, Visconti A (2004) NAIS: intrusion detection via native immune system. In: Proceedings of the
10th international conference on cybernetics and information technologies, systems and applications.
Hsing-Wei Chu et al
Papernot N, McDaniel P, Goodfellow I, Jha S, Celik ZB, Swami A (2017) Practical black-box attacks
against machine learning. In: Proceedings of the 2017 ACM on Asia conference on computer and
communications security, ASIA CCS’17. ACM, New York, pp 506–519
Park HS, Phuong DX, Kumar S (2019) AI based injection molding process for consistent product quality.
Procedia Manuf 28:102–106


Petro D, Morris B (2017) Weaponizing machine learning: humanity was overrated anyway. In: Proceedings
of DEF CON 25
Phelan N (2016) Designing with machine learning
Pinker E (2018) Reporting accuracy of rare event classifiers. NPJ Digit Med 1(1):1–2
Polikar R (2009) Ensemble learning. Scholarpedia 4(4):2776
Porras PA, Neumann PG (1997) EMERALD: event monitoring enabling responses to anomalous live
disturbances. In: 1997 National information systems security conference
Qiu S, Liu Q, Zhou S, Wu C (2019) Review of artificial intelligence adversarial attack and defense
technologies. Appl Sci 9:909
Rabiner LR, Juang BH (1986) An introduction to hidden Markov models. IEEE ASSP Magazine
Resende PAA, Drummond AC (2018) A survey of random forest based methods for intrusion detection
systems. ACM Comput Surv 51(3):48:1–48:36
Roesch M (1999) Snort: lightweight intrusion detection for networks. In: Proceedings of LISA’99: 13th
systems administration conference, volume 99 of Lisa
Robert Friedman Jerome Hastie, Trevor Tibshirani (2009) Data Mining, Inference, and Prediction, The
Elements of Statistical Learning
Russell S, Norvig P (2009) Artificial intelligence: a modern approach, 3rd edn. Prentice Hall Press, Upper
Saddle River
Saint-Gobain (2017) Press release—cyber-attack update.
https://www.saint-gobain.com/sites/sgcom.master/files/03-07-2017_cp_va.pdf. Accessed 10 May 2020
Samuel AL (1959) Some studies in machine learning using the game of checkers. IBM J Res Dev
3(3):210–229
Santofimia-Romero M-J, del Toro-García X, López-López J-C (2011) Artificial intelligence techniques for
smart grid applications
Schneible J, Lu A (2017) Anomaly detection on the edge, pp 678–682
Schneier B (2018) Artificial intelligence and the attack/defense balance. IEEE Secur Priv 2 16(2):96.
https://doi.org/10.1109/MSP.2018.1870857
Sculley D, Holt G, Golovin D, Davydov E, Phillips T, Ebner D, Chaudhary V, Young M, Crespo J-F, Dennison D
(2015) Hidden technical debt in machine learning systems. In: Proceedings of the 28th international
conference on neural information processing systems, NIPS’15, vol 2. MIT Press, Cambridge,
pp 2503–2511
Sebring MM, Shellhouse E, Hanna MF, Whitehurst RA (1988) Expert systems in intrusion detection: a case
study
Seymour J, Tully P (2016) Weaponizing data science for social engineering: automated E2E spear phishing
on twitter. Proc Black Hat USA 37(2016):1–39
Sharafaldin I, Lashkari AH, Ghorbani A (2018) Toward generating a new intrusion detection dataset and
intrusion traffic characterization, pp 108–116
Sharif M, Bhagavatula S, Bauer L, Reiter MK (2016) Accessorize to a crime: real and stealthy attacks on
state-of-the-art face recognition. In: Proceedings of the 2016 ACM SIGSAC conference on computer
and communications security, CCS’16. ACM, New York, pp 1528–1540
Sheen S, Rajesh R (2008) Network intrusion detection using feature selection and decision tree classifier,
pp 1–4
Shin C, Park S (2010) A machine learning approach to yield management in semiconductor manufacturing.
Int J Prod Res 38(17):4261–4271
Siddiqi A (2019) Adversarial security attacks and perturbations on machine learning and deep learning
methods. CoRR. arXiv:1907.07291
Sindhu SSS, Geetha S, Kannan A (2012) Decision tree based light weight intrusion detection using a
wrapper approach. Expert Syst Appl 39(1):129–141
Śliwiński M, Piesik E, Piesi J (2018) Integrated functional safety and cyber security analysis.
IFAC-PapersOnLine 51(24):1263–1270. 10th IFAC symposium on fault detection, supervision and safety for
technical processes SAFEPROCESS 2018
Smaha SE (1988) Haystack: an intrusion detection system
Stefanova Z, Ramachandran K (2017) Network attribute selection, classification and accuracy (NASCA)
procedure for intrusion detection systems. In: Proceedings of the 2007 IEEE international symposium
on technologies for homeland security
Stevens T (2020) Knowledge in the grey zone: AI and cybersecurity. Digital War 1:164–170.
https://doi.org/10.1057/s42984-020-00007-w
Stolfo SJ (1999) KDD cup 1999 data data set. Accessed 3 June 2019
Stouffer K, Lightman S, Pillitteri V, Abrams M, Hahn A (2015) Guide to industrial control systems (ICS)
security


Sun B, Li X, Wan B, Wang C, Zhou X, Chen X (2016) Definitions of predictability for cyber physical
systems. J Syst Archit 63:48–60
Sung AH, Mukkamala S (2003) Identifying important features for intrusion detection using support vector
machines and neural networks. In: Proceedings of the 2003 symposium on applications and the
internet, SAINT’03. IEEE Computer Society, Washington, DC, p 209
System architectures for industrie 4.0 applications—derivation of a generic architecture proposal.
Production Engineering, Research and Development, Issue 3-4 (2019)
Szychter A, Ameur H, Kung A, Daussin H (2018) The impact of artificial intelligence on security: a dual
perspective. C&ESAR
Tavallaee M, Stakhanova N, Ghorbani A (2010) Toward credible evaluation of anomaly-based intrusion-
detection methods. IEEE Trans Syst Man Cybern Part C Appl Rev 40:516–524
Tedeschi S, Emmanouilidis C, Mehnen J, Roy R (2019) A design approach to IoT endpoint security for
production machinery monitoring. Sensors 19(2355):2019
Thakkar A, Lohiya R (2020) Role of swarm and evolutionary algorithms for intrusion detection system: a
survey. Swarm Evol Comput 53:100631
Thapar V (2019) GE brings AI into preventive maintenance to reduce jet engine failure by one-third
Trieu K, Yang Y (2018) Artificial intelligence-based password brute force attacks
Truong TC, Diep QB, Zelinka I (2020) Artificial intelligence in the cyber domain: offense and defense.
Symmetry 12(3):410
Turchin A (2015) A map: AGI failures modes and levels
Turchin A, Denkenberger D (2020) Classification of global catastrophic risks connected with artificial
intelligence. AI Soc 35(1):147–163
Valdes A, Skinner K (2000) Recent advances in intrusion detection. Adaptive, model-based monitoring for
cyber attack detection. Springer, Berlin
Wang L (2019) From intelligence science to intelligent manufacturing. Engineering 5(4):615–618
Warrender C, Forrest S, Pearlmutter B (1999) Detecting intrusions using system calls: alternative data
models. In: IEEE symposium on security and privacy. IEEE Computer Society, pp 133–145
Williams TJ (1994) The Purdue enterprise reference architecture. Comput Ind 24(2–3):141–158
Xiao H (2017) Adversarial and secure machine learning
Xiao H, Biggio B, Nelson B, Xiao H, Eckert C, Roli F (2015) Support vector machines under adversarial
label contamination. Neurocomputing 160(C):53–62
Xu X (2012) From cloud computing to cloud manufacturing. Robotics Comput Integr Manuf 28(1):75–86
Xue D, Sun J, Norrie DH (2001) An intelligent optimal production scheduling approach using constraint-
based search and agent-based collaboration. Comp Ind 46(2):209–231.
https://doi.org/10.1016/S0166-3615(01)00118-X
Yampolskiy RV (2016) Taxonomy of pathways to dangerous artificial intelligence. In: Proceedings of the
workshops at the 30th AAAI conference on artificial intelligence
Yampolskiy RV, Spellchecker MS (2016) Artificial intelligence safety and cybersecurity: a timeline of
AI failures. https://arxiv.org/abs/1610.07997
Yan J, He H, Zhong X, Tang Y (2017) Q-learning-based vulnerability analysis of smart grid against
sequential topology attacks. IEEE Trans Inf Forensics and Secur 12(1):2017
Yao J, Zhao SL, Saxton L (2005) A study on fuzzy intrusion detection, vol 5812
Yao M (2017) 4 unique challenges of industrial artificial intelligence
Yao Y, Viswanath B, Cryan J, Zheng H, Zhao BY (2017) Automated crowdturfing attacks and defenses in
online review systems. In: Proceedings of the 2017 ACM SIGSAC conference on computer and
communications security. Association for Computing Machinery, New York, pp 1143–1158.
https://doi.org/10.1145/3133956.3133990
Ye N, Zhang Y, Borror CM (2004) Robustness of the Markov-chain model for cyber-attack detection. In:
IEEE transactions on reliability, vol 53, pp 116–123
Yegnanarayana B (2009) Artificial neural networks. PHI Learning
Yeo LH, Che X, Lakkaraju S (2017) Understanding modern intrusion detection systems: a survey
Yeung D-Y, Ding Y (2003) Host-based intrusion detection using dynamic and static behavioral models.
Pattern Recognit 36(1):229–243
Yin M, Yao D, Luo J, Liu X, Ma J (2013) Network backbone anomaly detection using double random
forests based on non-extensive entropy feature extraction. In: Ninth international conference on natural
computation, ICNC 2013, Shenyang, China, July 23–25, 2013, pp 80–84
Zaataria ES, Mareia M, Lia W, Usmanb Z (2019) Cobot programming for collaborative industrial tasks: an
overview. Robotics Auton Syst


Zaharia M, Xin RS, Wendell P, Das T, Armbrust M, Dave A, Meng X, Rosen J, Venkataraman S, Franklin
MJ, Ghodsi A, Gonzalez J, Shenker S, Stoica I (2016) Apache spark: a unified engine for big data
processing. Commun ACM 59(11):56–65
Zaman S, Karray F (2009) Features selection for intrusion detection systems based on support vector
machines. In: Proceedings of the 6th IEEE conference on consumer communications and networking
conference, CCNC’09. IEEE Press, Piscataway, pp 1066–1073
Zhang H, Wang M (2009) Search for the smallest random forest. Stat interface 2:381.
https://doi.org/10.4310/SII.2009.v2.n3.a11
Zhang J, Zulkernine M (2005) Network intrusion detection using random forests
Zhang R, Chen X, Lu J, Wen S, Nepal S, Xiang Y (2018) Using AI to hack IA: a new stealthy spyware
against voice assistance functions in smart phones
Zhou Z-H (2012) Ensemble methods: foundations and algorithms, 1st edn. Chapman and Hall/CRC, London
Zhu Y, Yan J, Sun YL, He H (2014) Revealing cascading failure vulnerability in power grids using risk-
graph. IEEE Trans Parallel Distrib Syst 25(12):3274–3284

Publisher’s Note Springer Nature remains neutral with regard to jurisdictional claims in published maps and
institutional affiliations.
