An Industrial Network Intrusion Detection Algorithm Based on Multifeature Data Clustering Optimization Model

Bibliographic Details
Published in: IEEE Transactions on Industrial Informatics, 2020-03, Vol. 16 (3), p. 2063-2071
Main Authors: Liang, Wei; Li, Kuan-Ching; Long, Jing; Kui, Xiaoyan; Zomaya, Albert Y.
Format: Article
Language: English
Description
Summary: Industrial networks are complex and diverse. Several existing intrusion prevention systems have problems such as low detection accuracy rate, high false positive (FP) rate, and low real-time performance for impersonation attacks. To address such issues, this article proposes an industrial network intrusion detection algorithm based on a multifeature data clustering optimization model, where the weighted distances and security coefficients of data are classified based on the priority threshold of the data attribute feature for each node in the network, given that the data modules in the industrial network environment are diverse and easy to diagnose, restore, and rebuild. The proposed algorithm can effectively improve the detection rate and real-time performance of detecting abnormal behavior for the multifeature data in industrial networks. The novel features are twofold: rapidly selecting a node with a high security coefficient as the cluster center, and matching the multifeature data around the center into a cluster. Experimental results show that the proposed algorithm outperforms other algorithms in terms of detection rate and time. In the industrial network, the detection accuracy of abnormal data reaches 97.8%, and the FP of detection is decreased by 8.8%.
ISSN: 1551-3203, 1941-0050
DOI: 10.1109/TII.2019.2946791