Enterprise industrial networks face threats that put both data and operations at risk. However, designing an efficient threat detection system is challenging because of data scarcity, especially where privacy is a concern. The complexity of enterprise industrial network data adds to this challenge, producing high false-positive rates and interpretation problems. To address this, we use the IS computational design science paradigm to develop a two-stage cyber threat detection system for enterprise-level IS that is both secure and capable of adapting to evolving technological and business environments. The first stage generates synthetic industrial network data using a modified generative adversarial network. The second stage develops a novel bidirectional gated recurrent unit and a modified attention mechanism for effective threat detection. We also use Shapley additive explanations and a decision tree technique to enhance interpretability. Our analysis on two public datasets shows the framework's high precision in threat detection and offers practical cybersecurity solutions and methodological advancements.
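To make the second-stage architecture concrete, the following is an added illustrative example, not the paper's code: a from-scratch forward pass of a bidirectional GRU whose per-step hidden states are pooled by additive (Bahdanau-style) attention into a single threat score. The paper's "modified attention mechanism" and its feature set are not specified in the abstract, so standard additive attention and a constructed window of six normalized flow-feature vectors are assumed here. The weights are random and untrained; the point is the data flow and the fact that the attention weights give a per-time-step attribution that an analyst can read alongside the score.

```python
"""Bidirectional GRU + additive attention over a window of network-flow features.
Illustrative example with random, untrained weights (not the paper's model)."""
import math
import random


def sigmoid(x):
    return 1.0 / (1.0 + math.exp(-x))


def matvec(W, v):
    return [sum(w * x for w, x in zip(row, v)) for row in W]


def rand_matrix(rows, cols, rng, scale=0.5):
    return [[rng.uniform(-scale, scale) for _ in range(cols)] for _ in range(rows)]


class GRUCell:
    """Minimal GRU: update gate z, reset gate r, candidate state n."""

    def __init__(self, input_dim, hidden_dim, rng):
        self.hidden_dim = hidden_dim
        self.Wz, self.Uz = rand_matrix(hidden_dim, input_dim, rng), rand_matrix(hidden_dim, hidden_dim, rng)
        self.Wr, self.Ur = rand_matrix(hidden_dim, input_dim, rng), rand_matrix(hidden_dim, hidden_dim, rng)
        self.Wn, self.Un = rand_matrix(hidden_dim, input_dim, rng), rand_matrix(hidden_dim, hidden_dim, rng)

    def step(self, x, h):
        z = [sigmoid(a + b) for a, b in zip(matvec(self.Wz, x), matvec(self.Uz, h))]
        r = [sigmoid(a + b) for a, b in zip(matvec(self.Wr, x), matvec(self.Ur, h))]
        reset_h = [ri * hi for ri, hi in zip(r, h)]
        n = [math.tanh(a + b) for a, b in zip(matvec(self.Wn, x), matvec(self.Un, reset_h))]
        # Interpolate between the previous state and the candidate state.
        return [(1.0 - zi) * ni + zi * hi for zi, ni, hi in zip(z, n, h)]

    def run(self, seq):
        h, outputs = [0.0] * self.hidden_dim, []
        for x in seq:
            h = self.step(x, h)
            outputs.append(h)
        return outputs


class BiGRUAttention:
    def __init__(self, input_dim, hidden_dim, rng):
        self.fwd = GRUCell(input_dim, hidden_dim, rng)
        self.bwd = GRUCell(input_dim, hidden_dim, rng)
        self.Wa = rand_matrix(hidden_dim, 2 * hidden_dim, rng)            # attention projection
        self.va = [rng.uniform(-0.5, 0.5) for _ in range(hidden_dim)]     # attention scoring vector
        self.wo = [rng.uniform(-0.5, 0.5) for _ in range(2 * hidden_dim)] # output layer

    def forward(self, seq):
        """Return (threat_score in (0,1), attention weights summing to 1)."""
        h_fwd = self.fwd.run(seq)
        # Run the backward cell on the reversed window, then re-align to time order.
        h_bwd = list(reversed(self.bwd.run(list(reversed(seq)))))
        H = [f + b for f, b in zip(h_fwd, h_bwd)]  # concatenate per time step
        # Additive attention: e_t = v^T tanh(W h_t); alpha = softmax(e).
        energies = [sum(vi * ti for vi, ti in zip(self.va, [math.tanh(s) for s in matvec(self.Wa, h)])) for h in H]
        m = max(energies)
        exps = [math.exp(e - m) for e in energies]
        alpha = [e / sum(exps) for e in exps]
        context = [sum(a * h[i] for a, h in zip(alpha, H)) for i in range(len(H[0]))]
        return sigmoid(sum(w * c for w, c in zip(self.wo, context))), alpha


# Constructed sample window: six flow records, each normalized to [0,1] as
# (bytes, packets, duration, rare-port flag). Step 3 is a deliberately odd flow.
SAMPLE_WINDOW = [
    [0.10, 0.05, 0.20, 0.0],
    [0.12, 0.06, 0.22, 0.0],
    [0.11, 0.05, 0.19, 0.0],
    [0.95, 0.90, 0.02, 1.0],
    [0.13, 0.06, 0.21, 0.0],
    [0.10, 0.05, 0.20, 0.0],
]


def demo(seed=7):
    model = BiGRUAttention(input_dim=4, hidden_dim=8, rng=random.Random(seed))
    return model.forward(SAMPLE_WINDOW)


if __name__ == "__main__":
    score, alpha = demo()
    print(f"threat score: {score:.3f}")
    for t, a in enumerate(alpha):
        print(f"step {t}: attention {a:.3f}")
```

With trained weights the attention vector would point at the flow records that drove the score, which is the interpretability hook the abstract pairs with SHAP; with the random weights used here the weights are only a demonstration of the mechanism's shape.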