Identification method for malicious traffic in industrial Internet under new unknown attack scenarios
Topics: Technologies of Industrial Internet Security | Updated: 2024-08-08
Journal on Communications, Vol. 45, Issue 6, Pages: 75-86 (2024)
Author affiliation:
College of Computer Science and Technology, Harbin Engineering University, Harbin, Heilongjiang 150009
Funding:
The National Key Research and Development Program of China (2021YFB3101403); The National Natural Science Foundation of China (U2003206; U20B2048; U21B2019; U22A2036; 62272127); The Natural Science Foundation of Heilongjiang Province (TD2022F001)
ZENG Fanyi, MAN Dapeng, XU Chen, et al. Identification method for malicious traffic in industrial Internet under new unknown attack scenarios[J]. Journal on Communications, 2024, 45(06): 75-86. DOI: 10.11959/j.issn.1000-436x.2024093.
To address the traffic data distribution shift caused by new unknown attacks in the industrial Internet, a malicious traffic identification method based on neighborhood filtering and stable learning was proposed to enhance the effectiveness and robustness of the existing graph neural network model in identifying known malicious traffic. Firstly, the graph structure of the traffic data was modeled to capture the topological relationships and interaction modes in communication behavior. Secondly, the traffic subgraph was divided based on a neighborhood filtering mechanism using biased sampling, to eliminate the pseudo-homogeneity between communication behaviors. Finally, the statistical independence of high-dimensional traffic features was realized by applying graph representation learning and stable learning strategies, combined with adaptive sample weighting and collaborative loss optimization methods. The experimental results on two benchmark datasets show that, compared with the baseline method, the recognition performance of the proposed method is increased by more than 2.7% in the new unknown attack scenario, which shows its high efficiency and practicability in the industrial Internet environment.