Automatic Device Identification and Anomaly Detection with Machine Learning Techniques in Smart Factories
- 10 December 2020
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
Abstract
With the development of Industrial Internet of Things (IIoT) technologies, more and more diverse smart devices and sensors are connected in smart factories. Since these devices are designed only to connect with each other, they usually have very limited security mechanisms. Also, because behavior differs from device to device, it would be difficult to design an individual security mechanism for each one manually. To detect potential threats on these devices, machine learning methods might be helpful to learn the diverse behaviors from their generated packets for identifying device types. In this paper, we propose a machine learning approach to automatic device identification and anomaly detection through network traffic analysis. First, we utilize both unsupervised and supervised learning to identify different types of IoT devices. Second, based on the model learned by the device identification module, we conduct feature selection to improve classification performance for anomaly detection. In our experiments on real data from a smart factory, device identification using supervised learning outperforms unsupervised learning. The best performance is obtained with XGBoost, with an accuracy of 97.6% and a micro-averaged F1 score of 97.6%. Also, in emulated attacks on real devices, gradient boosted decision trees were found useful for anomaly detection, giving an accuracy of 99.997% with an F1 score of 99.995%. This shows the potential of the proposed approach for anomaly detection in smart factories. Further investigation is needed to verify the proposed approach using more types of devices and network attacks.