Love Allen Chijioke Ahakonye;Gabriel Chukwunonso Amaizu;Cosmas Ifeanyi Nwakanma;Jae Min Lee;Dong-Seong Kim
Title: Classification and characterization of encoded traffic in SCADA network using hybrid deep learning scheme
DOI: 10.23919/JCN.2023.000067
Journal: Journal of Communications and Networks, vol. 26, no. 1, pp. 65-79 (journal article, published 2024-02-01)
Journal impact factor: 2.9 (JCR Q2, Computer Science, Information Systems)
URL: https://ieeexplore.ieee.org/document/10459137/
PDF: https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10459137
Citations: 0
Abstract
The domain name system (DNS) has evolved into an essential component of network communications, as well as a critical component of critical industrial systems (CIS) and Supervisory Control and Data Acquisition (SCADA) network connections. DNS over HTTPS (DoH), which encapsulates DNS within hypertext transfer protocol secure (HTTPS), does not eliminate network access exploitation. This paper proposes a hybrid deep learning model for the early classification of encoded network traffic into one of two classes, DoH and NonDoH, where the traffic in either class can be benign, malicious, or a zero-day attack. The proposed scheme combines the swiftness of the convolutional neural network (CNN) in extracting useful information with the ease of long short-term memory (LSTM) in learning long-term dependencies. The simulation results showed that the proposed approach accurately classifies the encoded network traffic as DoH or NonDoH and characterizes the traffic as benign, zero-day, or malicious. The proposed robust hybrid deep learning model achieved accuracy and precision of 99.28%, recall of 99.75%, and AUC of 0.9975 with minimal training and testing times of 745 s and 0.000324 s, respectively. In addition to outperforming the compared contemporary algorithms and existing techniques, the proposed technique detects all attack types. This study also investigated the impact of the SMOTE technique as a tool for data balancing. To further validate the reliability of the proposed scheme, an industrial control system SCADA (ICS-SCADA) dataset and two other cyber-security datasets (NSL-KDD and CICIDS2017) were evaluated. The Matthews correlation coefficient (MCC) was employed to validate model performance, confirming the applicability of the proposed model in a critical industrial system such as SCADA.
Journal description:
The JOURNAL OF COMMUNICATIONS AND NETWORKS is published six times per year, and is committed to publishing high-quality papers that advance the state-of-the-art and practical applications of communications and information networks. Theoretical research contributions presenting new techniques, concepts, or analyses, applied contributions reporting on experiences and experiments, and tutorial expositions of permanent reference value are welcome. The subjects covered by this journal include all topics in communication theory and techniques, communication systems, and information networks. Topic areas: communication theory and systems; wireless communications; networks and services.