Safe City

Providing an AI-based approach for cyber defense in oil infrastructure with the aim of sustainable development

Document Type : Original Article

Authors
Department of Disaster Engineering, Environmental Education and Systems, Faculty of Environment, University of Tehran, Tehran, Iran.
Abstract
Introduction
Cyberattacks are one of the primary threats to all types of communication networks, particularly in the industrial sector. Attacks against industry can target managers, as phishing does, or threaten communication and network infrastructures, as malware does. They cover a wide range of activities, including botnets, malware, ransomware, phishing, and DDoS (Distributed Denial of Service) attacks. Oil infrastructures that aim at sustainable development require intelligent mechanisms to deal with cyberattacks. Today, various cyberattacks are carried out against the infrastructures of oil-producing countries, reducing the production and exploitation of oil and gas fields. The oil and gas industry is among the industries that these attacks can severely impact, as it holds a significant share of a country's economy. Cyberattacks can hinder sustainable development in oil fields; therefore, providing approaches to detect attacks on oil infrastructure is crucial for maintaining stability.

Methodology
Intrusion detection systems can detect cyberattacks by analyzing network traffic to oil infrastructure. One approach to detecting attacks against oil fields is to use artificial intelligence techniques such as deep learning and swarm intelligence. Deep learning methods can detect cyberattacks by analyzing communication network traffic in oil and gas fields and issue the necessary warning. Although deep learning methods for detecting cyberattacks are efficient, they face several challenges that impair their performance: the imbalance between the attack and regular traffic classes in the training dataset, the lack of intelligent feature selection, and the inability to extract spatial and temporal features from network traffic. In this paper, a hybrid approach based on CNN and BiLSTM networks together with GAN theory is presented for the cyber defense of oil fields. In the first stage, the deep learning architecture of a GAN is used to generate hostile attacks. The GAN balances the dataset and creates sophisticated attacks, thereby increasing the ability of the cyber defense system to face zero-day and new attacks. In the second stage, three strategies, XGBoost, Chi-square (Chi2), and RF, are employed for group feature selection. The CNN is then combined with the BiLSTM to analyze complex spatial and temporal features of the traffic. Combining these two deep learning models enhances the intrusion detection system's ability to detect cyberattacks.
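The Chi2 step of the feature-selection stage, as an added example that is not code from the paper: it computes the Pearson chi-square statistic between each categorical traffic feature and the attack label and keeps the top-scoring features. The feature names, the flow records, and the top-k rule are constructed assumptions; the XGBoost and RF scores and the way the paper combines the three selectors are not shown.

```python
from collections import Counter

# Constructed sample flows (function, size_bucket, shift, label);
# hypothetical feature names, not taken from the paper's PLC dataset.
FEATURES = ("function", "size_bucket", "shift")
FLOWS = (
    [("read", "small", "day", "normal")] * 40
    + [("read", "small", "night", "normal")] * 40
    + [("write", "small", "day", "normal")] * 5
    + [("write", "small", "night", "normal")] * 5
    + [("write", "large", "day", "attack")] * 4
    + [("write", "large", "night", "attack")] * 4
    + [("read", "small", "day", "attack")] * 1
    + [("read", "small", "night", "attack")] * 1
)


def chi2_score(flows, idx):
    """Pearson chi-square statistic between feature column idx and the label."""
    n = len(flows)
    observed = Counter((f[idx], f[-1]) for f in flows)
    value_totals = Counter(f[idx] for f in flows)
    label_totals = Counter(f[-1] for f in flows)
    score = 0.0
    for value, n_value in value_totals.items():
        for label, n_label in label_totals.items():
            # Count expected in this cell if feature and label were independent.
            expected = n_value * n_label / n
            score += (observed[(value, label)] - expected) ** 2 / expected
    return score


def rank_features(flows, names=FEATURES):
    """Return (feature, score) pairs, most label-dependent feature first."""
    scores = {name: chi2_score(flows, i) for i, name in enumerate(names)}
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)


def select_top_k(flows, k):
    """Keep the k features with the highest chi-square score."""
    return [name for name, _ in rank_features(flows)[:k]]


if __name__ == "__main__":
    for name, score in rank_features(FLOWS):
        print(f"{name:12s} chi2 = {score:.2f}")
    print("selected:", select_top_k(FLOWS, 2))
```

The `shift` feature is distributed identically across both classes, so it scores zero and is dropped, which is the reduction in input dimensions that the filter is meant to provide.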

Results and discussion
To evaluate the cyber defense system, a real PLC-based network and a dataset simulating attacks on oil and gas companies are used. Evaluations show that the proposed method for detecting cyberattacks on oil and gas fields achieves an accuracy, sensitivity, and precision of 99.95%, 99.91%, and 99.94%, respectively, on the PLC1 dataset. On the PLC1 dataset, the proposed method is also more accurate than the RF, NB, DT, KNN, and SVM methods. Evaluations showed that the proposed method outperforms LSTM, BiLSTM, MS1DCNN, and MS1DCNN+BiLSTM in detecting cyberattacks. The proposed method detects cyberattacks more accurately because of proper balancing. The proposed method achieves accuracies of 99.88%, 99.82%, 99.67%, 99.43%, and 99.05% in detecting DoS, Code Execution, Scanning, MITM, and Port Scanning attacks, respectively. The proposed method achieves the highest accuracy in detecting DoS attacks, and the evaluations also indicate that most attacks against oil and gas fields are of the DoS type. The EfficientTransformer method competes with the proposed method in detecting DoS attacks, and the evaluations show that CNN-LSTM competes with the proposed method in detecting code execution attacks. The training time of the proposed method is 218 seconds, which is less than that of the EfficientTransformer, LSTM, ResNet, RNN, DNN, and CNN-LSTM methods. This reduction is attributed to the feature selection in the proposed method, which decreases the number of input dimensions.

Conclusion
Oilfield development appears largely infeasible without addressing the regular cyberattacks carried out against oil infrastructure. Deep learning methods, such as CNN and LSTM, are prominent examples of artificial intelligence techniques that can be used to analyze network traffic and detect cyberattacks. Hybrid feature selection yields higher-quality features for the analysis of network traffic with the CNN and BiLSTM models. The use of a GAN-based deep learning architecture in the proposed method enables it to detect unknown cyberattacks with greater accuracy.
Keywords


Articles in Press, Accepted Manuscript
Available Online from 01 February 2026