The International Arab Journal of Information Technology (IAJIT)


Enhanced IIoT Security: A Hybrid Intrusion Detection Framework Using Signature-Based and Deep Learning Approaches

With the rapid adoption of Industrial Internet of Things (IIoT) technologies, ensuring robust security against sophisticated cyberattacks has become a critical challenge. Traditional intrusion detection systems often rely solely on signature-based or anomaly-based methods, which limits their effectiveness in detecting both known and novel attacks. This study proposes a hybrid Industrial Intrusion Detection System (IIDS) that integrates the strengths of signature-based hashing and anomaly-based deep learning techniques. The system begins with signature-based detection using an enhanced Grøstl Hashing Algorithm (GHA) with right-shift rotation to quickly identify known attack patterns. For data that do not match existing signatures, the system employs an anomaly detection module, leveraging the Kullback-Leibler Divergence (KLD)-based sailfish optimization algorithm for optimal feature selection. Classification is performed using a SoftSwish Gated Recurrent Unit (SSGRU), which enhances the learning of temporal dependencies and improves detection accuracy. The proposed system is evaluated on five benchmark datasets, and it demonstrated superior performance in terms of intrusion detection accuracy, false positive rates, and computational efficiency compared to standalone approaches. The findings confirm the efficiency of the hybrid IIDS in addressing the evolving security challenges in IIoT environments.

The International Arab Journal of Information Technology, Vol. 23, No. 2, March 2026