Detection of Network Attacks in a Heterogeneous Industrial Network Based on Machine Learning

Programming and Computer Software

Abstract

Issues of improving algorithms for detecting network attacks in a heterogeneous industrial Internet of Things network based on machine learning technologies for subsequent integration with subsystems of a security operation center are considered. A block diagram of a network attack detection system and an algorithm for the intelligent analysis of network traffic parameters in the task of detecting malicious network activity are developed. Variants of constructing ensembles of classifiers based on machine learning models and heterogeneous neural network models are analyzed. The F1 score for test samples from publicly available datasets of labeled network traffic is as high as 96%. The possibility of embedding the proposed models into software and hardware modules is discussed. A virtual testbed for assessing the effectiveness of machine learning models for detecting network attacks is developed.

Funding

This work was supported by the Russian Foundation for Basic Research, project no. 20-08-00668.

Author information

Corresponding author

Correspondence to A. M. Vulfin.

Ethics declarations

The author declares that he has no conflicts of interest.

Additional information

Translated by A. Klimontovich

About this article

Cite this article

Vulfin, A.M. Detection of Network Attacks in a Heterogeneous Industrial Network Based on Machine Learning. Program Comput Soft 49, 333–345 (2023). https://doi.org/10.1134/S0361768823040126

  • DOI: https://doi.org/10.1134/S0361768823040126
