Unknown Attack Traffic Classification in SCADA Network Using Heuristic Clustering Technique
Published: 2023-01-29
Journal: IEEE Transactions on Network and Service Management
Impact factor: 5.332
Abstract: Attack Traffic Classification (ATC) is an essential technique for Industrial Control System (ICS) network security, with wide applications in active defense, situational awareness, attack source traceback and related tasks. At present, state-of-the-art ATC methods are usually based on statistical traffic features and machine learning techniques, including supervised classification methods and unsupervised clustering methods. However, these methods struggle to overcome two problems that characterize ATC in Supervisory Control and Data Acquisition (SCADA) networks: the lack of attack samples and the stringent real-time requirement. To address these problems, we propose a self-growing ATC model based on a new density-based heuristic clustering method, which can continuously and automatically detect and distinguish different kinds of unknown attack traffic generated by various attack tools against SCADA networks in real time. An effective representation method for SCADA network traffic is also proposed to further improve ATC performance. In addition, a large number of experiments are conducted on a compound dataset consisting of a SCADA network dataset, an attack tool dataset and an ICS honeypot dataset to evaluate the proposed method. The experimental results show that the proposed method outperforms existing state-of-the-art ATC methods in the crucial situation where only normal SCADA network traffic is available for training.