research-article

E-minBatch GraphSAGE: An Industrial Internet Attack Detection Model

Published: 01 January 2022

Abstract

The Industrial Internet has grown rapidly in recent years, and attacks against it have also increased. Compared with the traditional Internet, the Industrial Internet has a more complex network structure, and traditional graph neural network models for attack detection do not adapt well to this complex network environment. To make the model adapt better, this paper proposes the E-minBatch GraphSAGE model. First, the application-layer source port and source IP address are used as source nodes, the application-layer target port and target IP address are used as target nodes, and the remaining traffic information is used as edge information to complete the construction of the graph-structured data. The constructed graph data is then presampled to select the edge information that needs to be aggregated next, and the AGG aggregation function aggregates the information in the domain generated by the presampling process. Finally, the information of two adjacent nodes is aggregated as edge information to classify the edges. The number of IP addresses in the UNSW-NB15 dataset is increased, and the dataset is then used for model training and testing. The experimental results show that the accuracy of the model reaches 99.49% in a relatively complex network environment. The E-minBatch GraphSAGE model is presented in this paper as an attempt to solve the problem of attack detection in the complex Industrial Internet environment.
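The pipeline in the abstract (endpoint nodes, flow edges, presampling, aggregation, edge representation) can be sketched as follows. This is an added example, not the paper's code: the flow records are constructed, the field names and sample size `k` are assumptions, and AGG is assumed to be an element-wise mean because the abstract does not define it.

```python
import random
from collections import defaultdict

# Constructed flow records (not from UNSW-NB15): endpoints plus two numeric
# features standing in for "the remaining traffic information".
FLOWS = [
    {"srcip": "10.0.0.5", "sport": 502, "dstip": "10.0.1.9", "dsport": 44818, "feat": [0.2, 1.0]},
    {"srcip": "10.0.0.5", "sport": 502, "dstip": "10.0.1.7", "dsport": 80, "feat": [0.4, 3.0]},
    {"srcip": "10.0.0.8", "sport": 1025, "dstip": "10.0.1.9", "dsport": 44818, "feat": [0.6, 5.0]},
]

def build_graph(flows):
    """Nodes are 'ip:port' endpoints; every flow becomes one feature-carrying edge."""
    edges, incident = [], defaultdict(list)
    for f in flows:
        src = f"{f['srcip']}:{f['sport']}"
        dst = f"{f['dstip']}:{f['dsport']}"
        incident[src].append(len(edges))
        incident[dst].append(len(edges))
        edges.append((src, dst, f["feat"]))
    return edges, incident

def presample(incident, node, k, rng):
    """Pick at most k incident edges whose features will be aggregated."""
    ids = incident[node]
    return sorted(ids) if len(ids) <= k else sorted(rng.sample(ids, k))

def aggregate(edges, edge_ids):
    """AGG, assumed here to be the element-wise mean of sampled edge features."""
    feats = [edges[i][2] for i in edge_ids]
    return [sum(col) / len(feats) for col in zip(*feats)]

def edge_embeddings(flows, k=2, seed=0):
    """Concatenate both endpoints' aggregated vectors; a classifier would score these."""
    rng = random.Random(seed)
    edges, incident = build_graph(flows)
    h = {n: aggregate(edges, presample(incident, n, k, rng)) for n in incident}
    return [(src, dst, h[src] + h[dst]) for src, dst, _ in edges]

if __name__ == "__main__":
    for src, dst, z in edge_embeddings(FLOWS):
        print(src, "->", dst, [round(v, 2) for v in z])
```

Because the port is part of the node key, two services on the same host become separate nodes, so their traffic is aggregated separately.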

Cited By

  • (2024) A survey on graph neural networks for intrusion detection systems. Computers and Security 141:C. DOI: 10.1016/j.cose.2024.103821. Online publication date: 1-Jun-2024
  • (2023) TLS-MHSA: An Efficient Detection Model for Encrypted Malicious Traffic based on Multi-Head Self-Attention Mechanism. ACM Transactions on Privacy and Security 26:4 (1-21). DOI: 10.1145/3613960. Online publication date: 7-Aug-2023

Published In

Security and Communication Networks, Volume 2022, Issue 2022
13851 pages
ISSN: 1939-0114
EISSN: 1939-0122
This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Publisher

John Wiley & Sons, Inc.

United States

Qualifiers

  • Research-article
