Oversampling and undersampling for intrusion detection system in the supervisory control and data acquisition IEC 60870-5-104

IET Cyber-Physical Systems: Theory and Applications (IF 1.7, JCR Q3, Computer Science, Information Systems). Pub Date: 2024-01-04. DOI: 10.1049/cps2.12085
M. Agus Syamsul Arifin, Deris Stiawan, Bhakti Yudho Suprapto, Susanto Susanto, Tasmi Salim, Mohd Yazid Idris, Rahmat Budiarto
Citations: 0

Abstract

Supervisory control and data acquisition systems are critical in Industry 4.0 for controlling and monitoring industrial processes. However, these systems are vulnerable to various attacks, and therefore intelligent and robust intrusion detection systems are necessary as security tools. Machine learning-based intrusion detection systems require datasets with balanced class distribution, but in practice, imbalanced class distribution is unavoidable. A dataset created by running the supervisory control and data acquisition IEC 60870-5-104 (IEC 104) protocol on a testbed network is presented. The dataset includes normal traffic and attack traffic such as port scan, brute force, and denial-of-service attacks. Various types of denial-of-service attacks are generated to create a robust and specific dataset for training the intrusion detection system model. Three popular techniques for handling class imbalance, that is, random over-sampling, random under-sampling, and synthetic minority oversampling, are implemented to select the best dataset for the experiment. Gradient boosting, decision tree, and random forest algorithms are used as classifiers for the intrusion detection system models. Experimental results indicate that the intrusion detection system models using decision tree and random forest classifiers with random under-sampling achieved the highest accuracy of 99.05%. The intrusion detection system model's performance is verified using various metrics such as recall, precision, F1-score, receiver operating characteristic curves, and area under the curve. Additionally, 10-fold cross-validation shows no indication of overfitting in the created intrusion detection system model.

Source journal: IET Cyber-Physical Systems: Theory and Applications (Computer Science, Computer Networks and Communications)
CiteScore: 5.40
Self-citation rate: 6.70%
Articles published: 17
Review time: 19 weeks