Research on feature selection for cyber attack detection in industrial Internet of Things

With the rapid development of network technology, billions of industrial control systems (ICSs) and Internet of Things (IoT) devices have been equipped with network communication functions. This enables data intercommunication and sharing, but it also introduces many network security issues. In particular, the massive volume and heterogeneous nature of the data pose huge challenges to the design of an effective intrusion detection system (IDS). To clarify the impact of distinct features on anomaly detection, this paper conducts a series of experiments based on the maximum correlation minimum redundancy (MRMR) feature selection algorithm and the support vector machine (SVM) classification method. Comparing the experimental results on the UNSW-NB15 data set and the MSU data set, a traditional data set and an industrial data set respectively, shows that different features have different effects on anomaly detection. To be precise, there are both coupling and independence between different features. In particular, industrial data sets based on the Modbus protocol (MSU) have higher redundancy and independence. In other words, when designing an industrial IDS we can select more effective data features as attributes for anomaly detection, which can improve the detection accuracy while reducing the detection time.
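The selection step described in the abstract can be sketched as follows. This is an added example, not the paper's code: it assumes the common difference form of MRMR (relevance minus mean redundancy, both measured as mutual information), and the column names and eight records are constructed for illustration, not taken from the MSU data set.

```python
from collections import Counter
from math import log2

def mutual_info(xs, ys):
    """Mutual information I(X;Y) in bits between two discrete columns."""
    n = len(xs)
    px, py, pxy = Counter(xs), Counter(ys), Counter(zip(xs, ys))
    return sum(c / n * log2(c * n / (px[x] * py[y])) for (x, y), c in pxy.items())

def mrmr(features, labels, k):
    """Greedy mRMR, difference form: each round adds the feature with the
    highest relevance I(f;label) minus mean redundancy I(f;s) over the
    features s already selected."""
    relevance = {name: mutual_info(col, labels) for name, col in features.items()}
    selected = []

    def score(name):
        if not selected:
            return relevance[name]
        redundancy = sum(mutual_info(features[name], features[s]) for s in selected)
        return relevance[name] - redundancy / len(selected)

    while len(selected) < min(k, len(features)):
        candidates = [name for name in features if name not in selected]
        selected.append(max(candidates, key=score))
    return selected

# Constructed sample: eight Modbus-like records (hypothetical columns).
FEATURES = {
    "func_code":     [3, 3, 3, 3, 16, 16, 16, 16],  # read vs. write request
    "pdu_length":    [5, 5, 5, 5, 9, 9, 9, 9],      # fully determined by func_code
    "setpoint_band": [0, 0, 1, 1, 0, 0, 1, 1],      # independent of func_code
    "unit_id":       [1, 1, 1, 1, 1, 1, 1, 1],      # constant, carries no information
}
LABELS = [0, 0, 0, 0, 0, 1, 1, 1]                   # 1 = attack record

if __name__ == "__main__":
    for name, col in FEATURES.items():
        print(f"{name:14s} relevance = {mutual_info(col, LABELS):.3f} bits")
    print("mRMR top 2:", mrmr(FEATURES, LABELS, 2))
```

Ranking by relevance alone would place `pdu_length` second, because it is as relevant as `func_code`; the redundancy term is what pushes it below the weaker but independent `setpoint_band`.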
