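College of Computer Science and Technology, Harbin Engineering University, Harbin, Heilongjiang 150009, China
ZENG Fanyi (曾凡一, 1993- ), female, Mongolian ethnicity, born in Changtu, Liaoning; Ph.D. candidate at Harbin Engineering University. Main research interests: network intrusion detection and encrypted malicious traffic analysis.
MAN Dapeng (苘大鹏, 1980- ), male, born in Fushun, Liaoning; Ph.D., professor and doctoral supervisor at Harbin Engineering University. Main research interests: network traffic security monitoring, and emerging network and artificial intelligence security.
XU Chen (许晨, 1996- ), male, born in Heze, Shandong; Ph.D., lecturer and master's supervisor at Harbin Engineering University. Main research interests: natural language processing and artificial intelligence security.
HAN Shuai (韩帅, 1991- ), female, born in Harbin, Heilongjiang; Ph.D., lecturer and master's supervisor at Harbin Engineering University. Main research interests: big data management and security, among others.
WANG Huanran (王焕然, 1988- ), male, born in Harbin, Heilongjiang; Ph.D., lecturer and master's supervisor at Harbin Engineering University. Main research interests: graph representation learning and interpretability of deep learning models, among others.
ZHOU Xue (周雪, 1994- ), female, born in Mudanjiang, Heilongjiang; Ph.D. candidate at Harbin Engineering University. Main research interests: network security and artificial intelligence security.
LI Xinchun (李欣纯, 1999- ), female, born in Qiqihar, Heilongjiang; Ph.D. candidate at Harbin Engineering University. Main research interests: data security and privacy protection.
YANG Wu (杨武, 1974- ), male, born in Kuandian, Liaoning; Ph.D., professor and doctoral supervisor at Harbin Engineering University. Main research interests: network and information security, and artificial intelligence applications and security.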
Received: 2023-11-30
Revised: 2024-04-08
Published in print: 2024-06-25
ZENG Fanyi, MAN Dapeng, XU Chen, et al. Identification method for malicious traffic in industrial Internet under new unknown attack scenarios[J]. Journal on Communications, 2024, 45(06): 75-86. DOI: 10.11959/j.issn.1000-436x.2024093.
To address the traffic data distribution shift caused by new unknown attacks in the industrial Internet, a malicious traffic identification method based on neighborhood filtering and stable learning was proposed to enhance the effectiveness and robustness of existing graph neural network models in identifying known classes of malicious traffic. Firstly, the traffic data was modeled as a graph structure to capture the topological relationships and interaction patterns in communication behavior. Secondly, traffic subgraphs were partitioned using a neighborhood filtering mechanism based on biased sampling, to eliminate the pseudo-homogeneity between communication behaviors. Finally, graph representation learning and stable learning strategies were applied, combined with adaptive sample weighting and collaborative loss optimization methods, to achieve statistical independence of high-dimensional traffic features. Experimental results on two benchmark datasets show that, compared with the baseline methods, the recognition performance of the proposed method is increased by more than 2.7% in the new unknown attack scenario, which shows its high efficiency and practicability in the industrial Internet environment.