Abstract
This paper considers ways of improving algorithms for detecting network attacks in a heterogeneous industrial Internet of Things network using machine learning, with a view to subsequent integration with the subsystems of a security operations center. A block diagram of a network attack detection system is developed, together with an algorithm for the intelligent analysis of network traffic parameters in the task of detecting malicious network activity. Variants of constructing ensembles of classifiers from machine learning models and heterogeneous neural network models are analyzed. On test samples from publicly available datasets of labeled network traffic, the F1 score reaches 96%. The possibility of embedding the proposed models into software and hardware modules is discussed, and a virtual testbed for assessing the effectiveness of machine learning models for detecting network attacks is developed.
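The abstract reports results as an F1 score over labeled traffic and compares ensembles of classifiers with single models. The following Python example is added here to make both mechanics concrete; it is not code from the paper or its authors. In place of the paper's trained machine learning and neural network models it uses three hand-written threshold rules as stand-in base classifiers, combines them by hard majority vote, and computes precision, recall and F1 from a confusion matrix. The flow features (`pps`, `syn_ratio`, `dst_port`), the thresholds, the set of expected industrial ports and the ten flow records are all constructed assumptions for illustration, not data from the datasets the paper evaluates on.

```python
"""Majority-vote ensemble of flow classifiers with F1 evaluation.

Added illustration, not the paper's code. Base classifiers are simple
threshold rules standing in for trained models; the flow sample is
constructed by hand and labelled 1 = attack, 0 = benign.
"""
from typing import Callable, Dict, List

Flow = Dict[str, float]
Classifier = Callable[[Flow], int]

# Constructed flow summaries (assumed feature names; not real traffic).
SAMPLE_FLOWS: List[Flow] = [
    {"pps": 5,   "syn_ratio": 0.10, "dst_port": 502,   "label": 0},  # Modbus polling
    {"pps": 250, "syn_ratio": 0.10, "dst_port": 502,   "label": 0},  # legit polling burst
    {"pps": 4,   "syn_ratio": 0.85, "dst_port": 102,   "label": 0},  # reconnect storm, legit
    {"pps": 6,   "syn_ratio": 0.10, "dst_port": 8080,  "label": 0},  # HMI web interface
    {"pps": 400, "syn_ratio": 0.95, "dst_port": 502,   "label": 1},  # high rate + SYN heavy
    {"pps": 300, "syn_ratio": 0.20, "dst_port": 6000,  "label": 1},  # high rate + odd port
    {"pps": 30,  "syn_ratio": 0.90, "dst_port": 6000,  "label": 1},  # SYN heavy + odd port
    {"pps": 9,   "syn_ratio": 0.12, "dst_port": 20000, "label": 0},  # DNP3, normal
    {"pps": 500, "syn_ratio": 0.92, "dst_port": 9999,  "label": 1},  # all three indicators
    {"pps": 15,  "syn_ratio": 0.88, "dst_port": 502,   "label": 1},  # only SYN ratio stands out
]

# Assumed set of ports the industrial segment is expected to use.
EXPECTED_PORTS = {502, 102, 20000}


def rate_classifier(flow: Flow) -> int:
    """Flag flows whose packet rate exceeds an assumed threshold."""
    return int(flow["pps"] > 200)


def syn_classifier(flow: Flow) -> int:
    """Flag flows dominated by SYN segments (assumed threshold)."""
    return int(flow["syn_ratio"] > 0.8)


def port_classifier(flow: Flow) -> int:
    """Flag flows to ports outside the expected industrial set."""
    return int(flow["dst_port"] not in EXPECTED_PORTS)


BASE_CLASSIFIERS: List[Classifier] = [rate_classifier, syn_classifier, port_classifier]


def majority_vote(flow: Flow, classifiers: List[Classifier] = BASE_CLASSIFIERS) -> int:
    """Hard-voting ensemble: attack if more than half of the members say so."""
    votes = sum(c(flow) for c in classifiers)
    return int(2 * votes > len(classifiers))


def confusion(predict: Classifier, flows: List[Flow]) -> Dict[str, int]:
    """Count true/false positives and negatives against the labels."""
    counts = {"tp": 0, "fp": 0, "fn": 0, "tn": 0}
    for flow in flows:
        pred, truth = predict(flow), int(flow["label"])
        if pred and truth:
            counts["tp"] += 1
        elif pred and not truth:
            counts["fp"] += 1
        elif not pred and truth:
            counts["fn"] += 1
        else:
            counts["tn"] += 1
    return counts


def f1_score(predict: Classifier, flows: List[Flow]) -> float:
    """F1 = harmonic mean of precision and recall; 0.0 when undefined."""
    m = confusion(predict, flows)
    precision = m["tp"] / (m["tp"] + m["fp"]) if m["tp"] + m["fp"] else 0.0
    recall = m["tp"] / (m["tp"] + m["fn"]) if m["tp"] + m["fn"] else 0.0
    if precision + recall == 0:
        return 0.0
    return 2 * precision * recall / (precision + recall)


def evaluate_all(flows: List[Flow]) -> Dict[str, float]:
    """F1 of each base classifier and of the ensemble, keyed by name."""
    members = {c.__name__: c for c in BASE_CLASSIFIERS}
    members["majority_vote"] = majority_vote
    return {name: round(f1_score(c, flows), 4) for name, c in members.items()}


if __name__ == "__main__":
    for name, score in evaluate_all(SAMPLE_FLOWS).items():
        print(f"{name:16s} F1 = {score:.4f}")
```

On the constructed sample each base rule produces one false positive on a different benign flow, so the majority vote cancels all three false positives and only misses the attack that a single rule sees; its F1 (0.889) exceeds that of the best single rule (0.800). The same bookkeeping applies unchanged when the members are trained models rather than thresholds.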
Funding
This work was supported by the Russian Foundation for Basic Research, project no. 20-08-00668.
Ethics declarations
The author declares that he has no conflicts of interest.
Additional information
Translated by A. Klimontovich
Cite this article
Vulfin, A.M. Detection of Network Attacks in a Heterogeneous Industrial Network Based on Machine Learning. Program Comput Soft 49, 333–345 (2023). https://doi.org/10.1134/S0361768823040126