Accurate threat hunting in industrial internet of things edge devices
Industrial Internet of Things (IIoT) systems depend on a growing number of edge devices such as sensors, controllers, and robots for data collection, transmission, storage, and processing. Any kind of malicious or abnormal function by each of these devices can jeopardize the security of the entire IIoT. Moreover, they can allow malicious software installed on end nodes to penetrate the network. This paper presents a parallel ensemble model for threat hunting based on anomalies in the behavior of IIoT edge devices. The proposed model is flexible enough to use several state-of-the-art classifiers as the basic learner and efficiently classifies multi-class anomalies using the Multi-class AdaBoost and majority voting. Experimental evaluations using a dataset consisting of multi-source normal records and multi-class anomalies demonstrate that our model outperforms existing approaches in terms of accuracy, F1 score, recall, and precision.
| Main Authors: | Abbas Yazdinejad, Behrouz Zolfaghari, Ali Dehghantanha, Hadis Karimipour, Gautam Srivastava, Reza M. Parizi |
|---|---|
| Format: | Article |
| Language: | English |
| Published: | KeAi Communications Co., Ltd., 2023-10-01 |
| Series: | Digital Communications and Networks |
| Subjects: | IIoT; Threat hunting; Edge devices; Multi-class anomalies; Ensemble methods |
| Online Access: | http://www.sciencedirect.com/science/article/pii/S2352864822001857 |

| Field | Value |
|---|---|
| _version_ | 1797640284841967616 |
| author | Abbas Yazdinejad; Behrouz Zolfaghari; Ali Dehghantanha; Hadis Karimipour; Gautam Srivastava; Reza M. Parizi |
| author_sort | Abbas Yazdinejad |
| collection | DOAJ |
| description | Industrial Internet of Things (IIoT) systems depend on a growing number of edge devices such as sensors, controllers, and robots for data collection, transmission, storage, and processing. Any kind of malicious or abnormal function by each of these devices can jeopardize the security of the entire IIoT. Moreover, they can allow malicious software installed on end nodes to penetrate the network. This paper presents a parallel ensemble model for threat hunting based on anomalies in the behavior of IIoT edge devices. The proposed model is flexible enough to use several state-of-the-art classifiers as the basic learner and efficiently classifies multi-class anomalies using the Multi-class AdaBoost and majority voting. Experimental evaluations using a dataset consisting of multi-source normal records and multi-class anomalies demonstrate that our model outperforms existing approaches in terms of accuracy, F1 score, recall, and precision. |
| first_indexed | 2024-03-11T13:29:43Z |
| format | Article |
| id | doaj.art-ab8cff8e20ca41d39ec4afc1586a3198 |
| institution | Directory Open Access Journal |
| issn | 2352-8648 |
| language | English |
| last_indexed | 2024-03-11T13:29:43Z |
| publishDate | 2023-10-01 |
| publisher | KeAi Communications Co., Ltd. |
| record_format | Article |
| series | Digital Communications and Networks |
| spelling | doaj.art-ab8cff8e20ca41d39ec4afc1586a3198; indexed 2023-11-03T04:15:11Z; eng; KeAi Communications Co., Ltd.; Digital Communications and Networks; ISSN 2352-8648; 2023-10-01; 9511231130; Accurate threat hunting in industrial internet of things edge devices. Authors and affiliations: Abbas Yazdinejad (Cyber Science Lab, School of Computer Science, University of Guelph, Ontario, Canada); Behrouz Zolfaghari (Cyber Science Lab, School of Computer Science, University of Guelph, Ontario, Canada); Ali Dehghantanha (Cyber Science Lab, School of Computer Science, University of Guelph, Ontario, Canada; corresponding author); Hadis Karimipour (Department of Electrical and Software Engineering, University of Calgary, Alberta, Canada); Gautam Srivastava (Department of Mathematics and Computer Science, Brandon University, Brandon, Canada; Research Center for Interneural Computing, China Medical University, Taichung, Taiwan, China; Department of Computer Science and Mathematics, Lebanese American University, Beirut, 1102, Lebanon); Reza M. Parizi (College of Computing and Software Engineering, Kennesaw State University, GA, USA). Keywords: IIoT; Threat hunting; Edge devices; Multi-class anomalies; Ensemble methods. http://www.sciencedirect.com/science/article/pii/S2352864822001857 |
| title | Accurate threat hunting in industrial internet of things edge devices |
| topic | IIoT; Threat hunting; Edge devices; Multi-class anomalies; Ensemble methods |
| url | http://www.sciencedirect.com/science/article/pii/S2352864822001857 |