{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,19]],"date-time":"2025-11-19T06:26:12Z","timestamp":1763533572309,"version":"3.45.0"},"reference-count":73,"publisher":"Oxford University Press (OUP)","issue":"11","license":[{"start":{"date-parts":[[2025,5,21]],"date-time":"2025-05-21T00:00:00Z","timestamp":1747785600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/academic.oup.com\/pages\/standard-publication-reuse-rights"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025,11,13]]},"abstract":"Abstract<\/jats:title>\n With widespread adoption across industries, Industrial Internet of Things (IIoT) environments have become prime targets for cyberattacks. Moreover, the complexity and scale of these attacks can involve highly sophisticated, artificial intelligence (AI)\u2013enabled, and even autonomous capabilities, occurring at machine speeds and making conventional defensive mechanisms insufficient. Therefore, defensive systems must possess considerable autonomy to detect and mitigate such attacks effectively and promptly. This work presents an IIoT cyber defense system (NS-IoT) that integrates the sensitivity of Deep Reinforcement Learning (DRL) with the agility of multi-agent systems, providing an autonomous defense solution for distributed denial of service (DDoS) attacks. The NS-IoT system consists of two modules: detection and defense. For the detection module, a Deep Q-Network (DQN)-based agent (DQN-IoT) was developed to detect DDoS attacks. This agent employs DRL techniques to treat attack classification like a guessing game, leverages feedback to improve decision-making within the Markov Decision Process (MDP), and combines rewards for enhanced performance. In this study, DDoS attacks were detected using the proposed DQN-IoT model, achieving 98.43% and 98.05% accuracy on the CIC-IoT-2022 and CIC-IoT-2023 datasets, respectively. While these results highlight the model\u2019s effectiveness, real-time response speed is crucial in real-time events. Therefore, the proposed NS-IoT system addresses this need with its autonomous multi-agent structure, which minimizes human intervention.<\/jats:p>","DOI":"10.1093\/comjnl\/bxaf068","type":"journal-article","created":{"date-parts":[[2025,5,3]],"date-time":"2025-05-03T08:01:50Z","timestamp":1746259310000},"page":"1711-1731","source":"Crossref","is-referenced-by-count":0,"title":["Design of an autonomous multi-agent-based defense system against DDoS attacks in the Industrial Internet of Things (IIoT) environment"],"prefix":"10.1093","volume":"68","author":[{"given":"Hakan","family":"Aydin","sequence":"first","affiliation":[{"name":"Department of Computer Engineering, Faculty of Engineering, \u0130stanbul Topkap\u0131 University , \u0130stanbul 34310 ,","place":["Turkey"]},{"name":"Department of Computer Engineering, Faculty of Engineering, \u0130stanbul University-Cerrahpasa , \u0130stanbul 34320 ,","place":["Turkey"]}]},{"given":"G\u00fcls\u00fcm Zeynep G\u00fcrka\u015f","family":"Aydin","sequence":"additional","affiliation":[{"name":"Department of Computer Engineering, Faculty of Engineering, \u0130stanbul University-Cerrahpasa , \u0130stanbul 34320 ,","place":["Turkey"]}]},{"given":"Ahmet","family":"Sertba\u015f","sequence":"additional","affiliation":[{"name":"Department of Computer Engineering, Faculty of Engineering, \u0130stanbul University-Cerrahpasa , \u0130stanbul 34320 ,","place":["Turkey"]}]},{"given":"Muhammed Ali","family":"Aydin","sequence":"additional","affiliation":[{"name":"Department of Computer Engineering, Faculty of Engineering, \u0130stanbul University-Cerrahpasa , \u0130stanbul 34320 ,","place":["Turkey"]}]}],"member":"286","published-online":{"date-parts":[[2025,5,21]]},"reference":[{"volume-title":"Network Security Essentials: Applications and Standards","year":"2000","author":"Stallings","key":"2025111901222052100_ref1"},{"key":"2025111901222052100_ref2","first-page":"29","article-title":"W32. Stuxnet dossier","volume":"5","author":"Falliere","year":"2011","journal-title":"Symantec Corp, Security Response"},{"volume-title":"26th USENIX Security Symposium (USENIX Security 17)","key":"2025111901222052100_ref3"},{"volume-title":"2020 25th IEEE International Conference on Emerging Technologies and Factory Automation (ETFA)","key":"2025111901222052100_ref4"},{"key":"2025111901222052100_ref5","doi-asserted-by":"publisher","first-page":"200305","DOI":"10.1109\/ACCESS.2020.3035963","article-title":"Securing IT\/OT links for low power IIoT devices: design considerations for industry 4.0","volume":"8","author":"Mantravadi","year":"2020","journal-title":"IEEE Access"},{"volume-title":"NIST Special Publication 800-82","key":"2025111901222052100_ref6"},{"key":"2025111901222052100_ref7","doi-asserted-by":"crossref","first-page":"4059","DOI":"10.1109\/TII.2021.3088938","article-title":"FLEAM: a federated learning empowered architecture to mitigate DDoS in industrial IoT","volume":"18","author":"Li","year":"2021","journal-title":"IEEE Trans Industr Inform"},{"volume-title":"2018 IEEE Global Conference on Wireless Computing and Networking (GCWCN)","key":"2025111901222052100_ref8"},{"key":"2025111901222052100_ref9","doi-asserted-by":"publisher","first-page":"100978","DOI":"10.1016\/j.iot.2023.100978","article-title":"Cogni-sec: a secure cognitive enabled distributed reinforcement learning model for medical cyber\u2013physical systems","volume":"24","author":"Mishra","year":"2023","journal-title":"Internet Things"},{"volume-title":"Global Industrial Internet of Things Market Size","year":"2024","author":"Statista","key":"2025111901222052100_ref10"},{"key":"2025111901222052100_ref11","doi-asserted-by":"publisher","first-page":"294","DOI":"10.1016\/j.comcom.2023.06.020","article-title":"Cybersecurity for industrial IoT (IIoT): threats, countermeasures, challenges, and future directions","volume":"208","author":"Mekala","year":"2023","journal-title":"Comput Commun"},{"key":"2025111901222052100_ref12","first-page":"1","article-title":"Importance of intrusion detection system (IDS)","volume":"2","author":"Ashoor","year":"2011","journal-title":"Int J Sci Eng Res"},{"volume-title":"2008 Third International Conference on Systems and Networks Communications","key":"2025111901222052100_ref13"},{"key":"2025111901222052100_ref14","doi-asserted-by":"publisher","first-page":"39","DOI":"10.1145\/997150.997156","article-title":"A taxonomy of DDoS attack and DDoS Defense mechanisms","volume":"34","author":"Mirkovic","year":"2004","journal-title":"ACM SIGCOMM Comput Commun Rev"},{"key":"2025111901222052100_ref15","doi-asserted-by":"publisher","first-page":"676","DOI":"10.1016\/S0167-4048(01)00806-9","article-title":"A comparison of intrusion detection systems","volume":"20","author":"Biermann","year":"2001","journal-title":"Comput Secur"},{"key":"2025111901222052100_ref16","doi-asserted-by":"publisher","first-page":"103637","DOI":"10.1016\/j.jnca.2023.103637","article-title":"Intelligent approaches toward intrusion detection Systems for Industrial Internet of things: a systematic comprehensive review","volume":"215","author":"Nuaimi","year":"2023","journal-title":"J Netw Comput Appl"},{"key":"2025111901222052100_ref17","doi-asserted-by":"publisher","first-page":"200232","DOI":"10.1016\/j.iswa.2023.200232","article-title":"Anomaly classification in industrial internet of things: a review","volume":"18","author":"Rodr\u00edguez","year":"2023","journal-title":"Intell Syst Appl"},{"volume-title":"Multiple Classifier Systems: 10th International Workshop, MCS 2011, Naples, Italy, June 15\u201317","key":"2025111901222052100_ref18"},{"key":"2025111901222052100_ref19","doi-asserted-by":"publisher","first-page":"103006","DOI":"10.1016\/j.cose.2022.103006","article-title":"The threat of offensive AI to organizations","volume":"124","author":"Mirsky","year":"2023","journal-title":"Comput Secur"},{"volume-title":"Artificial Intelligence and Machine Learning for Multi-Domain Operations Applications","key":"2025111901222052100_ref20"},{"volume-title":"Decision and Game Theory for Security: 11th International Conference, GameSec 2020, College Park, MD, USA, October 28\u201330","key":"2025111901222052100_ref21"},{"key":"2025111901222052100_ref22","doi-asserted-by":"crossref","first-page":"395","DOI":"10.1109\/TPDS.2013.211","article-title":"RRE: a game-theoretic intrusion response and recovery engine","volume":"25","author":"Zonouz","year":"2013","journal-title":"IEEE Trans Parallel Distrib Syst"},{"key":"2025111901222052100_ref23","doi-asserted-by":"publisher","first-page":"41","DOI":"10.3390\/computers11030041","article-title":"Deep Q-learning based reinforcement learning approach for network intrusion detection","volume":"11","author":"Alavizadeh","year":"2022","journal-title":"Comput Secur"},{"volume":"8","journal-title":"Secur Intell","key":"2025111901222052100_ref24"},{"key":"2025111901222052100_ref25"},{"key":"2025111901222052100_ref26","first-page":"57","article-title":"Intelligent autonomous agents are key to cyber Defense of the future Army networks","volume":"3","author":"Kott","year":"2018","journal-title":"The Cyber Defense Review"},{"volume-title":"International Workshop on Agent Theories, Architectures, and Languages","key":"2025111901222052100_ref27"},{"volume-title":"2013 5th International Conference on Cyber Conflict (CYCON 2013)","key":"2025111901222052100_ref28"},{"key":"2025111901222052100_ref29"},{"key":"2025111901222052100_ref30","doi-asserted-by":"publisher","first-page":"62","DOI":"10.1109\/MSEC.2020.2983714","article-title":"Doers, not watchers: intelligent autonomous agents are a path to cyber resilience","volume":"18","author":"Kott","year":"2020","journal-title":"IEEE Secur Priv"},{"key":"2025111901222052100_ref31","doi-asserted-by":"publisher","first-page":"657","DOI":"10.1007\/s10207-019-00482-7","article-title":"A context-aware robust intrusion detection system: a reinforcement learning-based approach","volume":"19","author":"Sethi","year":"2020","journal-title":"Int J Inf Sec"},{"volume-title":"2011 IEEE Symposium on Adaptive Dynamic Programming and Reinforcement Learning (ADPRL)","key":"2025111901222052100_ref32"},{"volume-title":"2020 18th International Conference on ICT and Knowledge Engineering (ICT&KE)","key":"2025111901222052100_ref33","doi-asserted-by":"publisher","DOI":"10.1109\/ICTKE50349.2020.9289884"},{"volume-title":"2020 IEEE\/ACM 28th International Symposium on Quality of Service (IWQoS)","key":"2025111901222052100_ref34"},{"volume-title":"2020 IEEE 9th International Conference on Cloud Networking (CloudNet)","key":"2025111901222052100_ref35"},{"key":"2025111901222052100_ref36","doi-asserted-by":"publisher","first-page":"102923","DOI":"10.1016\/j.jisa.2021.102923","article-title":"Attention based multi-agent intrusion detection systems using reinforcement learning","volume":"61","author":"Sethi","year":"2021","journal-title":"J Inf Sec Appl"},{"volume-title":"Sakarya University Journal of Computer and Information Sciences","key":"2025111901222052100_ref37","doi-asserted-by":"publisher","DOI":"10.35377\/saucis.04.01.834048"},{"volume-title":"Proceedings of the 2021 IFIP\/IEEE International Symposium on Integrated Network Management (IM)","key":"2025111901222052100_ref38","doi-asserted-by":"publisher","DOI":"10.1109\/IM52620.2021.9463947"},{"volume-title":"Proceedings of the 2022 IEEE International Conference on Unmanned Systems (ICUS)","key":"2025111901222052100_ref39","doi-asserted-by":"publisher","DOI":"10.1109\/ICUS56347.2022.10112520"},{"key":"2025111901222052100_ref40","doi-asserted-by":"publisher","first-page":"103444","DOI":"10.1016\/j.jnca.2022.103444","article-title":"A flexible SDN-based framework for slow-rate DDoS attack mitigation by using deep reinforcement learning","volume":"205","author":"Yungaicela-Naula","year":"2022","journal-title":"J Netw Comput Appl"},{"volume-title":"Proceedings of the 2022 IEEE International Conference on Electro Information Technology (eIT)","key":"2025111901222052100_ref41","doi-asserted-by":"publisher","DOI":"10.1109\/eIT55299.2022.00099"},{"key":"2025111901222052100_ref42","doi-asserted-by":"publisher","first-page":"5317","DOI":"10.1109\/TVT.2022.3233880","article-title":"A transfer double deep Q network based DDoS detection method for internet of vehicles","volume":"72","author":"Li","year":"2023","journal-title":"IEEE Trans Vehicular Technol"},{"key":"2025111901222052100_ref43","doi-asserted-by":"publisher","first-page":"9610","DOI":"10.1109\/JIOT.2023.3324053","article-title":"MalBoT-DRL: malware botnet detection using deep reinforcement learning in IoT networks","volume":"11","author":"Al-Fawa\u2019reh","year":"2023","journal-title":"IEEE Internet Things J"},{"volume":"25","journal-title":"Internet of Things","key":"2025111901222052100_ref44","doi-asserted-by":"publisher","DOI":"10.1016\/j.iot.2023.101037"},{"volume-title":"Proceedings of the 2023 IEEE 13th Annual Computing and Communication Workshop and Conference (CCWC)","key":"2025111901222052100_ref45","doi-asserted-by":"publisher","DOI":"10.1109\/CCWC57344.2023.10112520"},{"volume-title":"Proceedings of the 2023 International Conference on Circuit Power and Computing Technologies (ICCPCT)","key":"2025111901222052100_ref46","doi-asserted-by":"publisher","DOI":"10.1109\/ICCPCT58313.2023.10245608"},{"volume":"11","journal-title":"International Journal of Interactive Mobile Technologies (iJIM)","key":"2025111901222052100_ref47","doi-asserted-by":"publisher","DOI":"10.3991\/ijim.v11i5.7072"},{"key":"2025111901222052100_ref48","doi-asserted-by":"publisher","first-page":"4724","DOI":"10.1109\/TII.2018.2852491","article-title":"Industrial internet of things: challenges, opportunities, and directions","volume":"14","author":"Sisinni","year":"2018","journal-title":"IEEE Trans Ind Informat"},{"key":"2025111901222052100_ref49","doi-asserted-by":"publisher","first-page":"2489","DOI":"10.1109\/COMST.2020.3011208","article-title":"A systematic survey of industrial internet of things security: requirements and fog computing opportunities","volume":"22","author":"Tange","year":"2020","journal-title":"IEEE Commun Surveys Tuts"},{"volume-title":"Industrial Internet Consortium (IIC), Tech. Rep.","key":"2025111901222052100_ref50"},{"key":"2025111901222052100_ref51","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.compind.2018.04.015","article-title":"The industrial internet of things (IIoT): an analysis framework","volume":"101","author":"Boyes","year":"2018","journal-title":"Comput Ind"},{"key":"2025111901222052100_ref52","doi-asserted-by":"publisher","first-page":"17190","DOI":"10.1109\/ACCESS.2018.2809681","article-title":"Industrial big data analytics for prediction of remaining useful life based on deep learning","volume":"6","author":"Yan","year":"2018","journal-title":"IEEE Access"},{"key":"2025111901222052100_ref53","doi-asserted-by":"publisher","first-page":"102481","DOI":"10.1016\/j.jnca.2019.102481","article-title":"A comprehensive survey on attacks, security issues and blockchain solutions for IoT and IIoT","volume":"149","author":"Sengupta","year":"2020","journal-title":"J Netw Comput Appl"},{"volume-title":"Proceedings of the 11th Conference on Learning Factories (CLF 2021)","key":"2025111901222052100_ref54"},{"key":"2025111901222052100_ref55","doi-asserted-by":"publisher","first-page":"141","DOI":"10.1016\/0166-3615(94)90017-5","article-title":"The Purdue enterprise reference architecture","volume":"24","author":"Williams","year":"1994","journal-title":"Comput Ind"},{"key":"2025111901222052100_ref56","doi-asserted-by":"publisher","first-page":"14","DOI":"10.1016\/j.icte.2017.12.007","article-title":"Multi-stage crypto ransomware attacks: a new emerging cyber threat to critical infrastructure and industrial control systems","volume":"4","author":"Zimba","year":"2018","journal-title":"ICT Express"},{"key":"2025111901222052100_ref57","doi-asserted-by":"publisher","first-page":"4486","DOI":"10.1109\/JIOT.2018.2822842","article-title":"IIoT cybersecurity risk modeling for SCADA systems","volume":"5","author":"Falco","year":"2018","journal-title":"IEEE Internet Things J"},{"key":"2025111901222052100_ref58","doi-asserted-by":"publisher","first-page":"100433","DOI":"10.1016\/j.ijcip.2021.100433","article-title":"Architecture and security of SCADA systems: a review","volume":"34","author":"Yadav","year":"2021","journal-title":"Int J Crit Infrastruct Prot"},{"key":"2025111901222052100_ref59","doi-asserted-by":"publisher","first-page":"110015","DOI":"10.1016\/j.comnet.2023.110015","article-title":"DDoS attacks in industrial IoT: a survey","volume":"236","author":"Chaudhary","year":"2023","journal-title":"Comput Netw"},{"key":"2025111901222052100_ref60","doi-asserted-by":"publisher","first-page":"80","DOI":"10.1109\/MC.2017.201","article-title":"DDoS in the IoT: Mirai and other botnets","volume":"50","author":"Kolias","year":"2017","journal-title":"Computer"},{"key":"2025111901222052100_ref61","first-page":"103629","article-title":"The evolution of Mirai botnet scans over a six-year period","volume":"79","author":"Affinito","year":"2023","journal-title":"J Inf Sec Appl"},{"key":"2025111901222052100_ref62","doi-asserted-by":"publisher","first-page":"2734","DOI":"10.1109\/TII.2021.3090719","article-title":"Toward proactive and efficient DDoS mitigation in IIoT systems: a moving target defense approach","volume":"18","author":"Zhou","year":"2021","journal-title":"IEEE Trans Ind Informat"},{"key":"2025111901222052100_ref63","doi-asserted-by":"publisher","first-page":"2985","DOI":"10.1109\/TII.2020.3023507","article-title":"Challenges and opportunities in securing the industrial internet of things","volume":"17","author":"Serror","year":"2020","journal-title":"IEEE Trans Ind Informat"},{"key":"2025111901222052100_ref64","doi-asserted-by":"publisher","first-page":"590","DOI":"10.1016\/j.dcan.2022.04.008","article-title":"A multi-point collaborative DDoS defense mechanism for IIoT environment","volume":"9","author":"Huang","year":"2023","journal-title":"Digit Commun Netw"},{"key":"2025111901222052100_ref65","doi-asserted-by":"publisher","DOI":"10.48550\/arXiv.1701.07274"},{"volume-title":"Handbook of Reinforcement Learning and Control","key":"2025111901222052100_ref66","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-60990-0_10DLSliefertLehrmittel+6"},{"key":"2025111901222052100_ref67","doi-asserted-by":"publisher","first-page":"237","DOI":"10.1613\/jair.301","article-title":"Reinforcement learning: a survey","volume":"4","author":"Kaelbling","year":"1996","journal-title":"J Artif Intell Res"},{"key":"2025111901222052100_ref68","doi-asserted-by":"publisher","DOI":"10.48550\/arXiv.1803.10664"},{"key":"2025111901222052100_ref69","doi-asserted-by":"publisher","first-page":"279","DOI":"10.1007\/BF00992698","article-title":"Q-learning","volume":"8","author":"Watkins","year":"1992","journal-title":"Mach Learn"},{"key":"2025111901222052100_ref70","doi-asserted-by":"publisher","first-page":"279","DOI":"10.1146\/annurev-statistics-031219-041220","article-title":"Q-learning: theory and applications","volume":"7","author":"Clifton","year":"2020","journal-title":"Annu Rev Stat Its Appl"},{"volume-title":"Proceedings of the 2nd Conference on Learning for Dynamics and Control","key":"2025111901222052100_ref71"},{"key":"2025111901222052100_ref72","doi-asserted-by":"publisher","first-page":"529","DOI":"10.1038\/nature14236","article-title":"Human-level control through deep reinforcement learning","volume":"518","author":"Mnih","year":"2015","journal-title":"Nature"},{"volume-title":"DDoS Evaluation Dataset (CICDDoS2019)","key":"2025111901222052100_ref73"}],"container-title":["The Computer Journal"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/academic.oup.com\/comjnl\/article-pdf\/68\/11\/1711\/63262102\/bxaf068.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/academic.oup.com\/comjnl\/article-pdf\/68\/11\/1711\/63262102\/bxaf068.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,19]],"date-time":"2025-11-19T06:22:30Z","timestamp":1763533350000},"score":1,"resource":{"primary":{"URL":"https:\/\/academic.oup.com\/comjnl\/article\/68\/11\/1711\/8139856"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,5,21]]},"references-count":73,"journal-issue":{"issue":"11","published-online":{"date-parts":[[2025,5,21]]},"published-print":{"date-parts":[[2025,11,13]]}},"URL":"https:\/\/doi.org\/10.1093\/comjnl\/bxaf068","relation":{},"ISSN":["0010-4620","1460-2067"],"issn-type":[{"type":"print","value":"0010-4620"},{"type":"electronic","value":"1460-2067"}],"subject":[],"published-other":{"date-parts":[[2025,11]]},"published":{"date-parts":[[2025,5,21]]}}}