A Hybrid Deep Learning Approach for Enhanced Intrusion Detection in Industrial Control Systems Using Federated Learning

Abstract

Industrial Control Systems (ICS) are increasingly vulnerable to cyberattacks, necessitating robust Intrusion Detection Systems (IDS). Traditional IDS approaches often struggle with the complexity and evolving nature of ICS threats. Deep learning (DL) models offer promising solutions, but their performance relies heavily on large, centralized datasets, which may be impractical or infeasible due to data privacy concerns and regulatory constraints. This paper proposes a novel hybrid deep learning approach for enhanced intrusion detection in ICS, leveraging federated learning (FL) to train models collaboratively across multiple ICS environments without sharing sensitive data. We develop a hybrid architecture that combines a Convolutional Neural Network (CNN) for feature extraction from raw network traffic data with a Recurrent Neural Network (RNN) for capturing temporal dependencies. The FL framework enables distributed training on local datasets within each ICS site, followed by secure aggregation of model updates on a central server. Experimental results on a benchmark ICS dataset demonstrate that our hybrid federated learning approach achieves superior detection accuracy and lower false alarm rates compared to traditional centralized DL models and conventional machine learning techniques, while preserving data privacy. The proposed method addresses critical security challenges in ICS environments, enabling proactive threat detection and improved overall system resilience.