Using Data Mining Methods to Detect Simulated Intrusions on a Modbus Network

In the era of Industry 4.0 we seek to create a smart factory environment in which everything is connected and well coordinated. Smart factories will also be connected to cloud services and/or to all kinds of partners outside the boundary of the factory to achieve even better efficiency. However, network connectivity brings threats along with the promise of better efficiency, and makes smart factories more vulnerable to intruders. There have already been security incidents such as the infection of Iran's nuclear facilities by the Stuxnet virus and the destruction of a German steel mill by hackers in 2014. To protect smart factories from such threats, traditional means of intrusion detection on the Internet could be used, but they must be refined and adapted to the context of Industry 4.0. For example, network traffic in a smart factory may be more uniform and predictable than traffic on the Internet, but far less anomaly should be tolerated, since the traffic is usually mission critical and an intrusion will cause much greater loss. The most widely used signature-based intrusion detection systems come with a large library of signatures of known attacks and have proved very useful, but they cannot detect unknown attacks. We turn to supervised data mining algorithms, which help to detect intrusions that share properties with known attacks without necessarily fully matching the signatures in the library. In this study a simulated smart factory environment was built and a series of attacks was implemented. A neural network and decision trees were used to classify the traffic generated in this simulated environment. From the experiments we conclude that, for the data set we used, the decision tree performed better than the neural network at detecting intrusions, as it provides better accuracy, a lower false negative rate and faster model building time.
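To make the classification step concrete, here is an added example (not the paper's code or data set) that extracts per-frame features from constructed Modbus/TCP frames, trains a minimal Gini-based decision tree on them, and reports the two metrics the abstract compares, accuracy and false negative rate. The frame layout follows the Modbus/TCP MBAP header; the traffic, its labels, the chosen features and the depth limit are assumptions.

```python
# Added example (not the paper's code): Modbus/TCP features + small Gini decision tree on constructed frames.
import struct
from collections import Counter
def frame(tid, fc, addr, value, pid=0, uid=1):  # constructed frame: MBAP header + simplified 5-byte PDU
    pdu = struct.pack(">BHH", fc, addr, value)
    return struct.pack(">HHHB", tid, pid, len(pdu) + 1, uid) + pdu
def features(raw):  # function code, start address, protocol id, length field consistent with frame size
    tid, pid, length, uid, fc, addr = struct.unpack(">HHHBBH", raw[:10])
    return [fc, addr, pid, int(length == len(raw) - 6)]
gini = lambda labels: 1.0 - sum((c / len(labels)) ** 2 for c in Counter(labels).values())
def build_tree(X, y, depth=0, max_depth=3):  # returns a leaf label or (feature, threshold, left, right)
    best = None
    if len(set(y)) > 1 and depth < max_depth:
        for f in range(len(X[0])):
            for t in sorted({row[f] for row in X}):
                left = [i for i, row in enumerate(X) if row[f] <= t]
                right = [i for i, row in enumerate(X) if row[f] > t]
                if left and right:
                    score = (len(left) * gini([y[i] for i in left])
                             + len(right) * gini([y[i] for i in right])) / len(y)
                    if best is None or score < best[0]:
                        best = (score, f, t, left, right)
    if best is None:  # pure node, depth limit, or no usable split: majority-vote leaf
        return Counter(y).most_common(1)[0][0]
    _, f, t, left, right = best
    sub = lambda idx: build_tree([X[i] for i in idx], [y[i] for i in idx], depth + 1, max_depth)
    return (f, t, sub(left), sub(right))

def predict(tree, x):
    while isinstance(tree, tuple):
        f, t, left, right = tree
        tree = left if x[f] <= t else right
    return tree

def evaluate(tree, frames, labels):  # (accuracy, false negative rate = attacks called normal / attacks)
    preds = [predict(tree, features(r)) for r in frames]
    missed = sum(1 for p, t in zip(preds, labels) if t == 1 and p == 0)
    return sum(p == t for p, t in zip(preds, labels)) / len(labels), missed / max(1, labels.count(1))

# Constructed training traffic: polling reads are normal (0); writes, diagnostics, a wrong
# protocol id and an out-of-range read stand in for the simulated intrusions (1).
TRAIN = [(frame(i, 3, a, 10), 0) for i, a in enumerate((0, 10, 20, 30, 40))]
TRAIN += [(frame(9 + i, 4, a, 4), 0) for i, a in enumerate((0, 10, 20))]
TRAIN += [(frame(20, 5, 0, 0xFF00), 1), (frame(21, 6, 10, 1), 1), (frame(22, 16, 20, 2), 1),
          (frame(23, 3, 0, 10, pid=7), 1), (frame(24, 3, 60000, 125), 1), (frame(25, 8, 0, 0), 1)]
TREE = build_tree([features(r) for r, _ in TRAIN], [lab for _, lab in TRAIN])
TEST = [(frame(30, 3, 30, 10), 0), (frame(31, 4, 10, 4), 0), (frame(32, 5, 20, 0xFF00), 1),
        (frame(33, 15, 0, 1), 1), (frame(34, 3, 50000, 1), 1), (frame(35, 3, 0, 10, pid=3), 1),
        (frame(36, 4, 30, 2000), 1)]  # oversized read count is not a feature, so this one is missed
RESULT = evaluate(TREE, [r for r, _ in TEST], [lab for _, lab in TEST])  # (accuracy, FNR) on held-out frames
```

The held-out oversized read is missed because request quantity is not among the features, which is exactly how a false negative shows up in the metric and why feature choice matters as much as the classifier.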
