Journal "Software Engineering" (Programmnaya Ingeneria) | Detection of Network Attacks in a Heterogeneous Industrial Network Based on Machine Learning

Main

New Issue

Archive

Most cited articles

Editor in chief

Editorial board

For the authors

Publishing ethic

Peer reviewing

Publishing House

Old site

Russian

Issue N2 2022 year

DOI: 10.17587/prin.13.68-80

Detection of Network Attacks in a Heterogeneous Industrial Network Based on Machine Learning

A. M. Vulfin , vulfin.alexey@gmail.com, Ufa State Aviation Technical University

Corresponding author: Vulfin Aleksey M., Associate Professor, Ufa State Aviation Technical University, E-mail: vulfin.alexey@gmail.com

Received on January 25, 2021

Accepted on December 15, 2021

The paper discusses the issues of improving algorithms for detecting network attacks in a heterogeneous industrial Internet of Things network based on machine learning technologies for subsequent integration with the subsystems of the center for monitoring and responding to information security incidents. A structural diagram of a network attack detection system and an algorithm for intelligent analysis of network traffic parameters in the task of detecting malicious network activity have been developed. Variants of constructing ensembles of classifiers based on machine learning models and heterogeneous neural network models are analyzed. The F1-measure score when working with test samples reaches 96 %. The possibility of embedding the obtained models as modules of network equipment to increase the efficiency of the analysis of network traffic of industrial systems or use as part of a network intrusion detection system is considered. The efficiency of the obtained solutions in assessing the quality of network attack detection on the original datasets is comparable for the tested models. The most promising for use in specialized signal processors of network equipment is a classifier based on a committee of random trees, since it provides good quality detection of network attacks and does not require significant computing resources when launching a model with coefficients selected during training. Monitoring the state of information and network infrastructure is implemented on the basis of a deployed solution based on the ELK stack. A virtual testing ground has been developed to assess the effectiveness of ML-models for detecting network attacks. Further research is aimed at developing a methodology for testing models in various scenarios for the implementation of targeted multi-step network attacks.

Keywords: network attacks, machine learning, data mining, ensemble of classifiers, heterogeneous industrial network, monitoring and response to information security incidents

pp. 68–80

For citation:
Vulfin A. M. Detection of Network Attacks in a Heterogeneous Industrial Network Based on Machine Learning, Programmnaya Ingeneria, 2022, vol. 13, no. 2, pp. 68—80.