Identification method for malicious traffic in industrial Internet under new unknown attack scenarios
Aiming at the problem of traffic data distribution shift caused by new unknown attacks in the industrial Internet, a malicious traffic identification method based on neighborhood filtering and stable learning was proposed to enhance the effectiveness and robustness of the existing graph neural netwo...
Saved in:
| Main Authors: | , , , , , , , |
|---|---|
| Format: | Article |
| Language: | zho |
| Published: |
Editorial Department of Journal on Communications
2024-06-01
|
| Series: | Tongxin xuebao |
| Subjects: | |
| Online Access: | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2024093/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1841539182211629056 |
|---|---|
| author | ZENG Fanyi MAN Dapeng XU Chen HAN Shuai WANG Huanran ZHOU Xue LI Xinchun YANG Wu |
| author_facet | ZENG Fanyi MAN Dapeng XU Chen HAN Shuai WANG Huanran ZHOU Xue LI Xinchun YANG Wu |
| author_sort | ZENG Fanyi |
| collection | DOAJ |
| description | Aiming at the problem of traffic data distribution shift caused by new unknown attacks in the industrial Internet, a malicious traffic identification method based on neighborhood filtering and stable learning was proposed to enhance the effectiveness and robustness of the existing graph neural network model in identifying known malicious traffic. Firstly, the graph structure of the traffic data was modeled to capture the topological relationship and interaction mode in communication behavior. Secondly, the traffic subgraph was divided based on the neighborhood filtering mechanism of biased sampling to eliminate the pseudo-homogeneity between communication behaviors. Finally, the statistical independence of high-dimensional traffic features was realized by applying graph representation learning and stable learning strategies, combined with adaptive sample weighting and collaborative loss optimization methods. The experimental results on two benchmark datasets show that compared with the baseline method, the recognition performance of the proposed method is increased by more than 2.7% in the new unknown attack scenario, which shows its high efficiency and practicability in the industrial Internet environment. |
| format | Article |
| id | doaj-art-30f23547ba8147ae8c5e6b1e7dba1e33 |
| institution | Kabale University |
| issn | 1000-436X |
| language | zho |
| publishDate | 2024-06-01 |
| publisher | Editorial Department of Journal on Communications |
| record_format | Article |
| series | Tongxin xuebao |
| spelling | doaj-art-30f23547ba8147ae8c5e6b1e7dba1e332025-01-14T07:24:31ZzhoEditorial Department of Journal on CommunicationsTongxin xuebao1000-436X2024-06-0145758663977211Identification method for malicious traffic in industrial Internet under new unknown attack scenariosZENG FanyiMAN DapengXU ChenHAN ShuaiWANG HuanranZHOU XueLI XinchunYANG WuAiming at the problem of traffic data distribution shift caused by new unknown attacks in the industrial Internet, a malicious traffic identification method based on neighborhood filtering and stable learning was proposed to enhance the effectiveness and robustness of the existing graph neural network model in identifying known malicious traffic. Firstly, the graph structure of the traffic data was modeled to capture the topological relationship and interaction mode in communication behavior. Secondly, the traffic subgraph was divided based on the neighborhood filtering mechanism of biased sampling to eliminate the pseudo-homogeneity between communication behaviors. Finally, the statistical independence of high-dimensional traffic features was realized by applying graph representation learning and stable learning strategies, combined with adaptive sample weighting and collaborative loss optimization methods. The experimental results on two benchmark datasets show that compared with the baseline method, the recognition performance of the proposed method is increased by more than 2.7% in the new unknown attack scenario, which shows its high efficiency and practicability in the industrial Internet environment.http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2024093/industrial Internetmalicious traffic identificationgraph neural networkneighborhood filteringstable learning |
| spellingShingle | ZENG Fanyi MAN Dapeng XU Chen HAN Shuai WANG Huanran ZHOU Xue LI Xinchun YANG Wu Identification method for malicious traffic in industrial Internet under new unknown attack scenarios Tongxin xuebao industrial Internet malicious traffic identification graph neural network neighborhood filtering stable learning |
| title | Identification method for malicious traffic in industrial Internet under new unknown attack scenarios |
| title_full | Identification method for malicious traffic in industrial Internet under new unknown attack scenarios |
| title_fullStr | Identification method for malicious traffic in industrial Internet under new unknown attack scenarios |
| title_full_unstemmed | Identification method for malicious traffic in industrial Internet under new unknown attack scenarios |
| title_short | Identification method for malicious traffic in industrial Internet under new unknown attack scenarios |
| title_sort | identification method for malicious traffic in industrial internet under new unknown attack scenarios |
| topic | industrial Internet malicious traffic identification graph neural network neighborhood filtering stable learning |
| url | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2024093/ |
| work_keys_str_mv | AT zengfanyi identificationmethodformalicioustrafficinindustrialinternetundernewunknownattackscenarios AT mandapeng identificationmethodformalicioustrafficinindustrialinternetundernewunknownattackscenarios AT xuchen identificationmethodformalicioustrafficinindustrialinternetundernewunknownattackscenarios AT hanshuai identificationmethodformalicioustrafficinindustrialinternetundernewunknownattackscenarios AT wanghuanran identificationmethodformalicioustrafficinindustrialinternetundernewunknownattackscenarios AT zhouxue identificationmethodformalicioustrafficinindustrialinternetundernewunknownattackscenarios AT lixinchun identificationmethodformalicioustrafficinindustrialinternetundernewunknownattackscenarios AT yangwu identificationmethodformalicioustrafficinindustrialinternetundernewunknownattackscenarios |