Extracting Function-Driven Tracing Characteristics for Optimized SVM Classification

Because it is open and simple, Modbus TCP is widely used to manage and control equipment in industrial wireless settings. The protocol carries no authentication or integrity protection, however, and its weaknesses expose the plant network to security problems that increasingly threaten the availability of real-time industrial traffic. Anomaly detection is an accepted countermeasure against such attacks, but its decisive step, extracting characteristics from the traffic that actually separate normal from abnormal behaviour, remains difficult. This paper concentrates on the continuous control mode of industrial processes and proposes a control tracing feature algorithm that extracts function-driven tracing characteristics from Modbus TCP traffic. The algorithm couples the time dimension with the critical functional operations (the Modbus function codes issued and the data they carry), and so describes how the controlled process changes over time. An optimized SVM (support vector machine) classifier serves as the decision engine that consumes these features. Using one realistic attack pattern, we analyse the decision accuracy in detail. The results show that the extracted features capture the changing pattern of continuous functional operations, and that the proposed algorithm, combined with the optimized SVM classifier, effectively separates abnormal Modbus TCP traffic from normal traffic.
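As an added illustration (not the authors' algorithm, code or data), the following Python sketch shows the shape of such a pipeline: it parses Modbus TCP request frames (MBAP header plus PDU), turns each observation window into a feature vector that couples time with the functional operations (function-code counts, the interval between consecutive FC 6 writes, and the magnitude of setpoint changes written to the same register), and trains a linear SVM with the Pegasos sub-gradient solver. The feature set, the solver, the parameter values and the synthetic traffic are assumptions made for this example; the paper's optimized SVM (kernel and parameter search) is not reproduced.

```python
"""Added example (not from the paper): function-driven, time-aware features
from Modbus TCP request frames, classified per window by a small linear SVM.
Feature set, Pegasos solver and all traffic are illustrative assumptions."""
import random
import struct

MBAP = struct.Struct(">HHHB")  # transaction id, protocol id (0), length, unit id


def build_frame(tid, fc, payload, unit=1):
    """Assemble a Modbus TCP request: MBAP header + PDU (function code + data)."""
    pdu = bytes([fc]) + payload
    return MBAP.pack(tid, 0, len(pdu) + 1, unit) + pdu  # length counts unit id + PDU


def parse_frame(raw):
    """Return (tid, unit, function code, data); reject malformed frames."""
    if len(raw) < MBAP.size + 1:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, proto, length, unit = MBAP.unpack_from(raw)
    if proto != 0:
        raise ValueError("protocol id must be 0 for Modbus TCP")
    if length != len(raw) - 6:
        raise ValueError("MBAP length field does not match the frame size")
    return tid, unit, raw[7], raw[8:]


def read_holding_registers(tid, addr, qty):   # FC 3
    return build_frame(tid, 3, struct.pack(">HH", addr, qty))


def write_single_register(tid, addr, value):  # FC 6
    return build_frame(tid, 6, struct.pack(">HH", addr, value))


def tracing_features(window):
    """window: list of (timestamp, raw_frame) from one observation interval.
    Vector: [#FC3, #FC6, #other FCs, mean gap between FC6 writes,
             mean |delta| between consecutive FC6 values to the same register]."""
    counts = {3: 0, 6: 0, "other": 0}
    write_times, last_value, deltas = [], {}, []
    for ts, raw in window:
        _, _, fc, data = parse_frame(raw)
        counts[fc if fc in (3, 6) else "other"] += 1
        if fc == 6:
            addr, value = struct.unpack(">HH", data)
            write_times.append(ts)
            if addr in last_value:
                deltas.append(abs(value - last_value[addr]))
            last_value[addr] = value
    gaps = [b - a for a, b in zip(write_times, write_times[1:])]
    mean = lambda xs: sum(xs) / len(xs) if xs else 0.0
    return [counts[3], counts[6], counts["other"], mean(gaps), mean(deltas)]


def synth_window(t0, step, period, n_writes=6):
    """Constructed traffic (no real device): each cycle polls with FC3, then
    writes a setpoint with FC6; `step` = change per write, `period` = cycle time."""
    frames, tid, value, ts = [], 1, 1000, t0
    for _ in range(n_writes):
        frames.append((ts, read_holding_registers(tid, 0x0010, 2)))
        frames.append((ts + period / 2, write_single_register(tid + 1, 0x0020, value)))
        tid, value, ts = tid + 2, value + step, ts + period
    return frames


def standardize(X):
    """Zero-mean/unit-variance scaling; constant columns are left at zero."""
    cols = list(zip(*X))
    mu = [sum(c) / len(c) for c in cols]
    sd = [(sum((v - m) ** 2 for v in c) / len(c)) ** 0.5 or 1.0 for c, m in zip(cols, mu)]
    scale = lambda x: [(v - m) / s for v, m, s in zip(x, mu, sd)]
    return scale, [scale(x) for x in X]


def train_linear_svm(X, y, lam=0.1, epochs=300, seed=7):
    """Pegasos stochastic sub-gradient solver for a linear soft-margin SVM; a
    constant feature carries the bias.  Stand-in for the paper's tuned SVM."""
    rng = random.Random(seed)
    Xa = [x + [1.0] for x in X]
    w, t = [0.0] * len(Xa[0]), 0
    for _ in range(epochs):
        order = list(range(len(Xa)))
        rng.shuffle(order)
        for i in order:
            t += 1
            eta = 1.0 / (lam * t)
            margin = y[i] * sum(wj * xj for wj, xj in zip(w, Xa[i]))
            w = [(1.0 - eta * lam) * wj for wj in w]            # regularizer step
            if margin < 1.0:                                     # hinge loss active
                w = [wj + eta * y[i] * xj for wj, xj in zip(w, Xa[i])]
    return w


def predict(w, x):
    return 1 if sum(wj * xj for wj, xj in zip(w, x + [1.0])) >= 0.0 else -1


def build_classifier():
    """Train on constructed windows: smooth setpoint ramps (+1) versus abrupt
    jumps and/or hammering write rates (-1); returns a window -> label function."""
    normal = [synth_window(0.0, s, 1.0) for s in (1, 2, 3, 4)]
    attack = [synth_window(0.0, s, p) for s, p in ((400, 1.0), (300, 0.5), (2, 0.2), (500, 0.2))]
    labels = [1] * len(normal) + [-1] * len(attack)
    scale, X = standardize([tracing_features(w) for w in normal + attack])
    w = train_linear_svm(X, labels)
    return lambda window: predict(w, scale(tracing_features(window)))
```

`build_classifier()` trains on eight constructed windows (four smooth ramps, four with setpoint jumps or an elevated write rate) and returns a function that labels a new window +1 (normal) or -1 (abnormal). `parse_frame` rejects frames whose MBAP length field disagrees with the byte count or whose protocol id is not zero, the first check a collector should apply before any feature is computed; a truncated or replayed frame must not silently skew the window statistics.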
