A Combinatorial Optimization Analysis Method for Detecting Malicious Industrial Internet Attack Behaviors
Published:2024-01-14
Issue:1
Volume:8
Page:1-20
ISSN:2378-962X
Container-title:ACM Transactions on Cyber-Physical Systems
language:en
Short-container-title:ACM Trans. Cyber-Phys. Syst.
Author:
Kejing Zhao (1),
Zhiyong Zhang (1),
Kim-Kwang Raymond Choo (2),
Zhongya Zhang (1),
Tiantian Zhang (1)
Affiliation:
1. Henan University of Science and Technology, China
2. University of Texas at San Antonio, USA
Abstract
The Industrial Internet plays an important role in critical infrastructure sectors and is the target of a wide range of security threats and risks. Many existing attack detection approaches have limitations such as feature redundancy, overfitting, and low efficiency. A combinatorial optimization method based on Lagrange multipliers is designed to optimize the underlying feature screening algorithm. The optimized feature combination is fused with the features selected by random forest and XGBoost to improve the accuracy and efficiency of attack feature analysis. The proposed method is evaluated on both the UNSW-NB15 and natural gas pipeline datasets. Weighting features by their degree of influence on the attack behavior raises binary-classification attack detection accuracy to 0.93 and reduces attack detection time by a factor of 6.96. The overall accuracy of multi-class attack detection also improves by 0.11. Nine key features of attack behavior are found to be essential to the analysis and detection of general attacks on the system, and focusing on these features could improve both the effectiveness and the efficiency of real-time security for critical industrial systems. The CICDDoS2019 and CICIDS2018 datasets are used to assess generalization. The experimental results show that the proposed method generalizes well and can be extended to industrial anomaly datasets of the same type.
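The abstract states that a Lagrange-multiplier optimization is applied to the feature screening step and that the result is fused with the features ranked by random forest and XGBoost, but the page does not give the objective function or the fusion rule. The Python below is an added illustration, not the authors' code, of how such a constrained feature-weighting problem is solved in closed form with a Lagrange multiplier: blend two importance rankings into one relevance score per feature, then maximize the weighted relevance under a sum-to-one budget (with a quadratic penalty that controls how sharply the screen concentrates on a few features) and keep only the features that receive non-zero weight. The objective, the blend parameter `alpha`, the penalty `mu`, and all importance numbers are assumptions for this example; the feature names are UNSW-NB15 column names, but the scores attached to them are constructed.

```python
"""Lagrange-multiplier feature screening over fused RF/XGBoost importances.

Illustrative example only; the objective below is an assumption chosen for the
demonstration, not the formulation used in the paper.
"""
from typing import Dict, List, Optional

# Constructed feature-importance scores keyed by UNSW-NB15 column names.
# The numbers are made up for this example; they are not results from the paper.
RF_IMPORTANCE: Dict[str, float] = {
    "sbytes": 0.30, "dbytes": 0.22, "sttl": 0.18, "ct_state_ttl": 0.12,
    "dur": 0.08, "proto": 0.05, "swin": 0.03, "is_ftp_login": 0.02,
}
XGB_IMPORTANCE: Dict[str, float] = {
    "sttl": 0.28, "ct_state_ttl": 0.20, "sbytes": 0.19, "dbytes": 0.12,
    "proto": 0.09, "dur": 0.06, "swin": 0.04, "is_ftp_login": 0.02,
}


def fuse_importances(rf: Dict[str, float], xgb: Dict[str, float],
                     alpha: float = 0.5) -> Dict[str, float]:
    """Blend two model-derived importance rankings into one relevance score s_i.

    alpha weights the random-forest ranking and (1 - alpha) the XGBoost one.
    A feature absent from one model contributes 0 from that model.
    """
    names = set(rf) | set(xgb)
    return {f: alpha * rf.get(f, 0.0) + (1.0 - alpha) * xgb.get(f, 0.0) for f in names}


def lagrange_weights(scores: Dict[str, float], mu: float) -> Dict[str, float]:
    """Solve  max_w  sum_i w_i*s_i - (mu/2)*sum_i w_i^2   s.t.  sum_i w_i = 1, w_i >= 0.

    Lagrangian: L(w, lam) = sum_i w_i*s_i - (mu/2)*sum_i w_i^2 - lam*(sum_i w_i - 1).
    Stationarity dL/dw_i = 0 gives w_i = (s_i - lam)/mu; the KKT conditions for
    w_i >= 0 clip this to w_i = max(0, (s_i - lam)/mu).  The multiplier lam is
    fixed by the budget: if the k highest-scoring features are active,
    lam = (sum of those k scores - mu)/k, and k is the largest count for which
    the k-th score still exceeds lam.  Small mu concentrates weight on a few
    features (a sharper screen); large mu spreads it across all of them.
    """
    if mu <= 0:
        raise ValueError("mu must be positive")
    ranked = sorted(scores.items(), key=lambda kv: kv[1], reverse=True)
    lam = 0.0
    running = 0.0
    for k, (_, s_k) in enumerate(ranked, start=1):
        running += s_k
        candidate = (running - mu) / k
        if s_k > candidate:
            lam = candidate   # feature k keeps a positive weight under this multiplier
        else:
            break             # adding feature k would push its weight below zero
    return {f: max(0.0, (s - lam) / mu) for f, s in ranked}


def select_features(weights: Dict[str, float],
                    top_k: Optional[int] = None) -> List[str]:
    """Return the features with non-zero weight, highest weight first."""
    kept = [f for f, w in sorted(weights.items(), key=lambda kv: kv[1], reverse=True)
            if w > 0.0]
    return kept[:top_k] if top_k is not None else kept


if __name__ == "__main__":
    fused = fuse_importances(RF_IMPORTANCE, XGB_IMPORTANCE)
    for mu in (0.1, 1.0):
        w = lagrange_weights(fused, mu=mu)
        print(f"mu={mu}: kept {select_features(w)}")
        print("   weights:", {f: round(v, 3) for f, v in w.items() if v > 0})
```

With `mu=0.1` the screen keeps only `sbytes` and `sttl` (weights 0.575 and 0.425); with `mu=1.0` every feature stays active and, because the constructed fused scores already sum to one, the weights coincide with the fused scores. In practice `mu` is the knob that trades a shorter feature list (faster per-packet scoring) against retaining weaker but still informative features.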
Funder
Project of Leading Talents in Science and Technology Innovation in Henan Province
Program for Henan Province Key Science and Technology
Henan Province University Key Scientific Research Project
Cloud Technology Endowed Professorship
Publisher
Association for Computing Machinery (ACM)
Subject
Artificial Intelligence,Control and Optimization,Computer Networks and Communications,Hardware and Architecture,Human-Computer Interaction