
A Combinatorial Optimization Analysis Method for Detecting Malicious Industrial Internet Attack Behaviors

Published: 14 January 2024

Abstract

Industrial Internet plays an important role in key critical infrastructure sectors and is the target of different security threats and risks. There are limitations in many existing attack detection approaches, such as function redundancy, overfitting, and low efficiency. A combinatorial optimization method—Lagrange multiplier—is designed to optimize the underlying feature screening algorithm. The optimized feature combination is fused with random forest and XGBoost selected features to improve the accuracy and efficiency of attack feature analysis. Using both the UNSW-NB15 and natural gas pipeline datasets, we evaluate the performance of the proposed method. It is observed that the influence degrees of the different features associated with the attack behavior can result in the binary classification attack detection increasing to 0.93 and the attack detection time reducing by 6.96 times. The overall accuracy of multi-classification attack detection is also observed to improve by 0.11. We also observe that nine key features of attack behavior analysis are essential to the analysis and detection of general attacks targeting the system, and by focusing on these features one could potentially improve the effectiveness and efficiency of real-time critical industrial system security. In this article, the CICDDoS2019 and CICIDS2018 datasets are used to prove the generalization. The experimental results show that the proposed method has good generalization and can be extended to the same type of industrial anomaly datasets.

    Information

    Published In

    ACM Transactions on Cyber-Physical Systems, Volume 8, Issue 1
    January 2024
    225 pages
    EISSN: 2378-9638
    DOI: 10.1145/3613531
    Editor: Chenyang Lu

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 14 January 2024
    Online AM: 15 December 2023
    Accepted: 11 December 2023
    Revised: 27 November 2023
    Received: 18 July 2023
    Published in TCPS Volume 8, Issue 1

    Author Tags

    1. Industrial Internet
    2. industrial situational security
    3. attack behavior
    4. feature analysis
    5. combinatorial optimization

    Qualifiers

    • Research-article

    Funding Sources

    • Project of Leading Talents in Science and Technology Innovation in Henan Province
    • Program for Henan Province Key Science and Technology
    • Henan Province University Key Scientific Research Project
    • Cloud Technology Endowed Professorship
