Classification and characterization of encoded traffic in SCADA network using hybrid deep learning scheme

Impact factor 2.9; Zone 3, Computer Science; JCR Q2, Computer Science, Information Systems
Love Allen Chijioke Ahakonye, Gabriel Chukwunonso Amaizu, Cosmas Ifeanyi Nwakanma, Jae Min Lee, Dong-Seong Kim
Journal: Journal of Communications and Networks, vol. 26, no. 1, pp. 65-79
DOI: 10.23919/JCN.2023.000067
Published: 2024-02-01 (journal article)
URL: https://ieeexplore.ieee.org/document/10459137/
Citations: 0

Abstract

The domain name system (DNS) has evolved into an essential component of network communications, and it is also a critical component of critical industrial systems (CIS) and Supervisory Control and Data Acquisition (SCADA) network connectivity. DNS over HTTPS (DoH), which encapsulates DNS within hypertext transfer protocol secure (HTTPS), does not eliminate network access exploitation. This paper proposes a hybrid deep learning model for the early classification of encoded network traffic into one of two classes, DoH and NonDoH; traffic in either class can be benign, malicious, or a zero-day attack. The proposed scheme combines the speed of the convolutional neural network (CNN) in extracting useful features with the ability of long short-term memory (LSTM) to learn long-term dependencies. The simulation results showed that the proposed approach accurately classifies encoded network traffic as DoH or NonDoH and characterizes the traffic as benign, zero-day, or malicious. The proposed robust hybrid deep learning model achieved accuracy and precision of 99.28%, recall of 99.75%, and AUC of 0.9975 with minimal training and testing times of 745 s and 0.000324 s, respectively. In addition to outperforming the compared contemporary algorithms and existing techniques, the proposed technique detects all attack types. This study also investigated the impact of the SMOTE technique as a tool for data balancing. To further validate the reliability of the proposed scheme, an industrial control system SCADA (ICS-SCADA) dataset and two other cyber-security datasets (NSL-KDD and CICDS2017) were evaluated. The Matthews correlation coefficient (MCC) was employed to validate the model performance, confirming the applicability of the proposed model in a critical industrial system such as SCADA.
Source journal metrics
CiteScore: 6.60
Self-citation rate: 5.60%
Articles published: 66
Review time: 14.4 months
Journal description: The JOURNAL OF COMMUNICATIONS AND NETWORKS is published six times per year and is committed to publishing high-quality papers that advance the state of the art and practical applications of communications and information networks. Theoretical research contributions presenting new techniques, concepts, or analyses, applied contributions reporting on experiences and experiments, and tutorial expositions of permanent reference value are welcome. The subjects covered by this journal include all topics in communication theory and techniques, communication systems, and information networks, grouped as: communication theory and systems; wireless communications; networks and services.