Title: Intrusion detection and prevention systems in industrial IoT network
Authors: Sangeeta Sharma, Ashish Kumar, Navdeep Singh Rathore, Shivanshu Sharma
Journal: Sādhanā
Publication type: Journal Article
Publication date: 2024-08-31
DOI: 10.1007/s12046-024-02567-z (https://doi.org/10.1007/s12046-024-02567-z)
Platform: Semanticscholar
Citations: 0
Intrusion detection and prevention systems in industrial IoT network
The Industrial IoT system often struggles to identify malignant traffic and may cause disruption in the flow of work or even hazardous situations. The previously described techniques to identify such intrusions work well but not enough to be implemented in such environments where it is very difficult to identify malignant traffic in loads of benign ones. Hence, an intrusion detection system is needed that works well with very highly unbalanced datasets. Therefore, we developed a transformer model that gives a high accuracy and combined it with a boosting module that decreases false negatives, which is highly required. This model is applied to the UNSW-2018-IoT-Botnet dataset, which is publicly available in the cloudstor network. Thus, the classified traffic identified as malignant is eliminated from the system using prevention techniques. The paper also extends the model to classify among five different traffics for the same dataset, in which some of the traffics are very difficult to distinguish, such as DoS and DDoS traffic. The experiments on such data sets have shown much better results, which proves that the model classifies well and can be implemented practically as well.