Kejing Zhao, Zhiyong Zhang, K. Choo, Zhongya Zhang, Tiantian Zhang
{"title":"检测工业互联网恶意攻击行为的组合优化分析方法","authors":"Kejing Zhao, Zhiyong Zhang, K. Choo, Zhongya Zhang, Tiantian Zhang","doi":"10.1145/3637554","DOIUrl":null,"url":null,"abstract":"Industrial Internet plays an important role in key critical infrastructure sectors and is the target of different security threats and risks. There are limitations in many existing attack detection approaches, such as function redundancy, overfitting and low efficiency. A combinatorial optimization method Lagrange multiplier is designed to optimize the underlying feature screening algorithm. The optimized feature combination is fused with random forest and XG-Boost selected features to improve the accuracy and efficiency of attack feature analysis. Using both the UNSW-NB15 and Natural gas pipeline datasets, we evaluate the performance of the proposed method. It is observed that the influence degrees of the different features associated with the attack behavior can result in the binary classification attack detection increases to 0.93, and the attack detection time reduces by 6.96 times. The overall accuracy of multi-classification attack detection is also observed to improve by 0.11. We also observe that nine key features of attack behavior analysis are essential to the analysis and detection of general attacks targeting the system, and by focusing on these features one could potentially improve the effectiveness and efficiency of real-time critical industrial system security. In this paper, CICDDoS2019 dataset and CICIDS2018 dataset are used to prove the generalization. The experimental results show that the proposed method has good generalization and can be extended to the same type of industrial anomaly data sets.","PeriodicalId":7055,"journal":{"name":"ACM Transactions on Cyber-Physical Systems","volume":null,"pages":null},"PeriodicalIF":2.0000,"publicationDate":"2023-12-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"A Combinatorial Optimization Analysis Method for Detecting Malicious Industrial Internet Attack Behaviors\",\"authors\":\"Kejing Zhao, Zhiyong Zhang, K. Choo, Zhongya Zhang, Tiantian Zhang\",\"doi\":\"10.1145/3637554\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Industrial Internet plays an important role in key critical infrastructure sectors and is the target of different security threats and risks. There are limitations in many existing attack detection approaches, such as function redundancy, overfitting and low efficiency. A combinatorial optimization method Lagrange multiplier is designed to optimize the underlying feature screening algorithm. The optimized feature combination is fused with random forest and XG-Boost selected features to improve the accuracy and efficiency of attack feature analysis. Using both the UNSW-NB15 and Natural gas pipeline datasets, we evaluate the performance of the proposed method. It is observed that the influence degrees of the different features associated with the attack behavior can result in the binary classification attack detection increases to 0.93, and the attack detection time reduces by 6.96 times. The overall accuracy of multi-classification attack detection is also observed to improve by 0.11. We also observe that nine key features of attack behavior analysis are essential to the analysis and detection of general attacks targeting the system, and by focusing on these features one could potentially improve the effectiveness and efficiency of real-time critical industrial system security. In this paper, CICDDoS2019 dataset and CICIDS2018 dataset are used to prove the generalization. The experimental results show that the proposed method has good generalization and can be extended to the same type of industrial anomaly data sets.\",\"PeriodicalId\":7055,\"journal\":{\"name\":\"ACM Transactions on Cyber-Physical Systems\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":2.0000,\"publicationDate\":\"2023-12-15\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"ACM Transactions on Cyber-Physical Systems\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3637554\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"COMPUTER SCIENCE, INTERDISCIPLINARY APPLICATIONS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Transactions on Cyber-Physical Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3637554","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INTERDISCIPLINARY APPLICATIONS","Score":null,"Total":0}
A Combinatorial Optimization Analysis Method for Detecting Malicious Industrial Internet Attack Behaviors
Industrial Internet plays an important role in key critical infrastructure sectors and is the target of different security threats and risks. There are limitations in many existing attack detection approaches, such as function redundancy, overfitting and low efficiency. A combinatorial optimization method Lagrange multiplier is designed to optimize the underlying feature screening algorithm. The optimized feature combination is fused with random forest and XG-Boost selected features to improve the accuracy and efficiency of attack feature analysis. Using both the UNSW-NB15 and Natural gas pipeline datasets, we evaluate the performance of the proposed method. It is observed that the influence degrees of the different features associated with the attack behavior can result in the binary classification attack detection increases to 0.93, and the attack detection time reduces by 6.96 times. The overall accuracy of multi-classification attack detection is also observed to improve by 0.11. We also observe that nine key features of attack behavior analysis are essential to the analysis and detection of general attacks targeting the system, and by focusing on these features one could potentially improve the effectiveness and efficiency of real-time critical industrial system security. In this paper, CICDDoS2019 dataset and CICIDS2018 dataset are used to prove the generalization. The experimental results show that the proposed method has good generalization and can be extended to the same type of industrial anomaly data sets.