The increasing number of web attacks in a network environment poses substantial cyber risks to network devices and systems, particularly in Industry 4.0, where interconnected smart devices and critical infrastructures are highly vulnerable. Conventional Intrusion Detection Systems (IDS) rely on predefined attack signatures and rule sets, which makes them ineffective against multi-vector and social engineering attacks. This limitation can increase the likelihood of true negative incidents in the networks, potentially affecting the entire network. To address this limitation, a DL-IDS (Dual-Layer Intrusion Detection System) architecture is proposed, providing effective threat detection with minimal computational overhead. The proposed architecture consists of two layers: a Hybrid Threat Detection Model (HTDM) and Confirmatory Ensembled Models (CEM). HTDM monitors traffic patterns to detect anomalies and flags suspicious packets as high Alert (hA). These hA packets are forwarded to the CEM layer, which uses specialized ensemble models for different attacks such as DDoS, Patator, and Web Attacks. This structured dual-layer approach enhances accuracy and reduces false positives and computational overhead. The proposed model is trained on the CICIDS-2017 dataset. HTDM achieved 99.92% accuracy, while the CEM models for DDoS, Patator and Web Attacks achieved 98.57%, 98.97% and 98.91% respectively. The proposed architecture reduces computational overhead by 25%–30% compared to conventional IDS.
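The two-layer routing described above, as an added illustration that is not the paper's code: a cheap layer-1 anomaly score stands in for HTDM and flags hA flows, and only those are passed to one small voting ensemble per attack family standing in for CEM, so the second layer's cost is paid only on flagged traffic. The flow records, the three features, the z-score threshold and the voter rules are all constructed for this demo.

```python
from collections import namedtuple
from statistics import mean, pstdev

Flow = namedtuple("Flow", "dst_port pkts_per_s failed_logins url")

# Constructed traffic: a benign window used as the HTDM baseline, then three
# flows shaped like the CEM attack families (DDoS, Patator, Web Attack).
BENIGN = [Flow(443, 20.0, 0, "/index.html"), Flow(443, 25.0, 0, "/about"),
          Flow(80, 18.0, 0, "/img/logo.png"), Flow(443, 22.0, 0, "/login")]
LIVE = BENIGN + [Flow(80, 900.0, 0, "/"),                      # DDoS-like
                 Flow(22, 60.0, 40, ""),                       # Patator-like
                 Flow(80, 21.0, 0, "/item?id=1' OR '1'='1")]   # web-attack-like

def features(f):  # three cheap per-flow features for the layer-1 score
    return (f.pkts_per_s, float(f.failed_logins), float(len(f.url)))

def learn_baseline(flows):  # per-feature (mean, stdev) from a benign window
    cols = list(zip(*(features(f) for f in flows)))
    return [(mean(c), pstdev(c)) for c in cols]

def htdm_is_high_alert(flow, baseline, z_thresh=3.0):
    """Layer 1 stand-in: anomaly score = largest z-score; True == high Alert (hA)."""
    zs = [(0.0 if x == mu else float("inf")) if sd == 0 else abs(x - mu) / sd
          for x, (mu, sd) in zip(features(flow), baseline)]
    return max(zs) > z_thresh

# Layer 2 stand-in: one specialised ensemble per family; majority of voters wins.
CEM = {
    "DDoS": [lambda f: f.pkts_per_s > 500,
             lambda f: f.dst_port in (80, 443) and f.pkts_per_s > 100,
             lambda f: f.failed_logins == 0 and len(f.url) <= 1],
    "Patator": [lambda f: f.failed_logins > 10,
                lambda f: f.dst_port in (21, 22, 3389),
                lambda f: f.failed_logins > 0 and f.pkts_per_s > 30],
    "Web Attack": [lambda f: "'" in f.url,
                   lambda f: any(t in f.url for t in ("<", "..", "%")),
                   lambda f: f.dst_port in (80, 443) and len(f.url) > 15],
}

def cem_label(flow):  # first family whose ensemble reaches a majority vote
    hits = [n for n, voters in CEM.items() if 2 * sum(v(flow) for v in voters) > len(voters)]
    return hits[0] if hits else "Unclassified hA"

def run_pipeline(flows, baseline):
    """Returns (labels, cem_invocations): CEM work is spent only on hA flows."""
    ha = [htdm_is_high_alert(f, baseline) for f in flows]
    labels = [cem_label(f) if a else "Benign" for f, a in zip(flows, ha)]
    return labels, sum(ha)
```

On the constructed stream only 3 of 7 flows reach the CEM stand-in, which is the saving the abstract attributes to the dual-layer design.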
Kurra et al. studied this question.