KSII Transactions on Internet and Information Systems (TIIS)

Korean Society for Internet Information (한국인터넷정보학회)
권호 표지
DOI QR코드

DOI QR Code

Efficient SVH2M for information anomaly detection in manufacturing processes on system call

  • Chao-Hsien Hsieh (College of Engineering, Xi'an International University) ;
  • Fengya Xu (School of Cyber Science and Engineering, Qufu Normal University) ;
  • Qingqing Yang (School of Cyber Science and Engineering, Qufu Normal University) ;
  • Dehong Kong (School of Cyber Science and Engineering, Qufu Normal University)
  • Received : 2024.04.25
  • Accepted : 2024.09.29
  • Published : 2024.10.31
Download PDF
⟨ Previous Next ⟩

Abstract

With the integration of the manufacturing process in the Internet, cybersecurity becomes even more important in the process of factory operations. Because of the complexity of data traffic in the manufacturing industry, the identification and classification of anomalous behavior is an important direction of current research. System calls are made at the operating system level. Therefore, the use of system call sequences can detect potential threats much earlier. So, this paper chooses system call information as the research object. System call orderliness is an ideal property for analysis of using hidden Markov model. In terms of methodology, the SVH2M model improves the performance and efficiency of attack detection in manufacturing systems. The SVH2M model combines pSVM with mHMM. The pSVM and mHMM models use SVMPSA and PATA. pSVM is first used to initially categorize the system call sequences into normal and abnormal categories. The classification of pSVM can reduce the amount of data. This reduces the error rate of mHMM processing. Next, mHMM is built for different types of known anomalies. The SVH2M model in the false positive rate is lower than that of hidden Markov model. The experimental results show that the AUC of the improved model is increased by 17%. The average Mismatch Rate is reduced by 16%. The performance and efficiency of detecting anomalous information are improved in manufacturing systems.

Keywords

Acknowledgement

This work was supported by the Initiation Funds for High-level Talents Program of Xi'an International University (grant no. XAIU202411).

References

  1. N. Moustafa, N. Koroniotis, M. Keshk, A. Y. Zomaya and Z. Tari, "Explainable Intrusion Detection for Cyber Defences in the Internet of Things: Opportunities and Solutions," IEEE Communications Surveys & Tutorials, vol.25, no.3, pp.1775-1807, thirdquarter 2023. https://doi.org/10.1109/COMST.2023.3280465
  2. M. Nuaimi, L. C. Fourati and B. B. Hamed, "Intelligent Approaches Toward Intrusion Detection Systems for Industrial Internet of Things: A Systematic Comprehensive Review," Journal of Network and Computer Applications, vol.215, Jun. 2023.
  3. J. Qian, X. Du, B. Chen, B. Qu, K. Zeng and J. Liu, "Cyber-Physical Integrated Intrusion Detection Scheme in SCADA System of Process Manufacturing Industry," IEEE Access, vol.8, pp.147471- 147481, Aug. 2020. https://doi.org/10.1109/ACCESS.2020.3015900
  4. S. Alem, D. Espes, L. Nana, E. Martin and F. De Lamotte, "A Novel bi-anomaly-based Intrusion Detection System Approach for Industry 4.0," Future Generation Computer Systems, vol.145, pp.267-283, 2023. https://doi.org/10.1016/j.future.2023.03.024
  5. R.P. Lippmann, D.J. Fried, I. Graf, J.W. Haines, K.R. Kendall, D. McClung, D. Weber, S.E. Webster, D. Wyschogrod, R.K. Cunningham, M.A. Zissman, "Evaluating intrusion detection systems: the 1998 DARPA off-line intrusion detection evaluation," in Proc. of DARPA Information Survivability Conference and Exposition, DISCEX'00, vol.2, pp.12-26, SC, USA, Jan. 2000.
  6. R. Lippmann, J. W. Haines, D. J. Fried, J. Korba, and K. Das, "Analysis and Results of the 1999 DARPA Off-Line Intrusion Detection Evaluation," in Proc. of third International Workshop, Recent Advances in Intrusion Detection, LNCS, vol.1907, pp.162-182, France, 2000.
  7. Z. Liu, N. Japkowicz, R. Wang, Y. Cai, D. Tang, and X. Cai, "A statistical pattern based feature extraction method on system call traces for anomaly detection," Information and Software Technology, vol.126, Oct. 2020.
  8. F. Yu, C. Xu, Y. Shen, J.-Y. An, and L.-F. Zhang, "Intrusion detection based on system call finitestate automation machine," in Proc. of 2005 IEEE International Conference on Industrial Technology, pp.63-68, Hong Kong, China, Dec. 2005.
  9. X. Zhang, Z. Zhu and P. Fan, "Intrusion detection based on cross-correlation of system call sequences," in Proc. of 17th IEEE International Conference on Tools with Artificial Intelligence (ICTAI'05), pp.7-283, Hong Kong, China, Nov. 2005.
  10. S. Lv, J. Wang, Y. Yang and J. Liu, "Intrusion Prediction with System-call Sequence-to-sequence Model," IEEE Access, vol.6, pp.71413-71421, Nov. 2018. https://doi.org/10.1109/ACCESS.2018.2881561
  11. A. Al-Saleh, "A balanced communication-avoiding support vector machine decision tree method for smart intrusion detection systems," Scientific Reports, vol.13, no.1, Jun. 2023.
  12. M. A. Almaiah, O. Almomani, A. Alsaaidah, S. Al-Otaibi, N. Bani-Hani, A. K. Al Hwaitat, A. Al-Zahrani, A. Lutfi, A. B. Awad, T. H. H. Aldhyani, "Performance Investigation of Principal Component Analysis for Intrusion Detection System Using Different Support Vector Machine Kernels," Electronics, vol.11, no.21, Nov. 2022.
  13. A. A. Alqarni, "Toward support-vector machine-based ant colony optimization algorithms for intrusion detection," Soft Computing, vol.27, no.10, pp.6297-6305, May 2023. https://doi.org/10.1007/s00500-023-07906-6
  14. M. Hosseinzadeh, A. M. Rahmani, B. Vo, M. Bidaki, M. Masdari, and M. Zangakani, "Improving security using SVM-based anomaly detection: issues and challenges," Soft Computing, vol.25, pp.3195-3223, Feb. 2021. https://doi.org/10.1007/s00500-020-05373-x
  15. T. Shawly, "A Detection and Response Architecture for Stealthy Attacks on Cyber-Physical Systems," JOIV International Journal on Informatics Visualization, vol.7, no.3, pp.801-807, Sep. 2023. https://doi.org/10.30630/joiv.7.3.1323
  16. C. Dong, H. Wu and Q. Li, "Multiple Observation HMM-Based CAN Bus Intrusion Detection System for In-Vehicle Network," IEEE Access, vol.11, pp.35639-35648, Apr. 2023.
  17. T. Shawly, M. Khayat, A. Elghariani and A. Ghafoor, "Evaluation of HMM-Based Network Intrusion Detection System for Multiple Multi-Stage Attacks," IEEE Network, vol.34, no.3, pp.240-248, May/Jun. 2020.
  18. R. Agarwal and M. V. Joshi, "PNrule: A New Framework for Learning Classifier Models in Data Mining (a Case-Study in Network Intrusion Detection)," in Proc. of the 2001 SIAM International Conference on Data Mining, pp.1-17, 2001.
  19. E. Nikolova and V. Jecheva, "Some similarity coefficients and application of data mining techniques to the anomaly-based IDS," Telecommunication Systems, vol.50, no.2, pp.127-135, 2012. https://doi.org/10.1007/s11235-010-9390-3
  20. S. Forrest, S.A. Hofmeyr, A. Somayaji and T.A. Longstaff, "A sense of self for Unix processes," in Proc. of 1996 IEEE Symposium on Security and Privacy, pp.120-128, 1996.
  21. S. A. Hofmeyr, S. Forrest and A. Somayaji, "Intrusion detection using sequences of system calls," Journal of Computer Security, vol.6, no.3, pp.151-180, 1998. https://doi.org/10.3233/JCS-980109
  22. P. Khandelwal, P. Likhar and R. S. Yadav, "Machine Learning Methods leveraging ADFA-LD Dataset for Anomaly Detection in Linux Host Systems," in Proc. of 2022 2nd International Conference on Intelligent Technologies (CONIT), pp.1-8, Hubli, India, 2022.
  23. S. Wunderlich, M. Ring, D. Landes and A. Hotho, "Comparison of System Call Representations for Intrusion Detection," in Proc. of International Joint Conference: 12th International Conference on Computational Intelligence in Security for Information Systems (CISIS 2019) and 10th International Conference on EUropean Transnational Education (ICEUTE 2019), AISC, vol.951, Springer, Seville, Spain, pp.14-24, May. 2020.
  24. I. Rosenberg and E. Gudes, "Bypassing system calls-based intrusion detection systems," Concurrency and Computation: Practice and Experience, vol.29, no.16, Aug. 2017.
  25. M. Xie, J. Hu and J. Slay, "Evaluating host-based anomaly detection systems: Application of the one-class SVM algorithm to ADFA-LD," in Proc. of 2014 11th International Conference on Fuzzy Systems and Knowledge Discovery (FSKD), pp.978-982, Xiamen, China, 2014.
  26. G. Creech and J. Hu, "Generation of a new IDS test dataset: Time to retire the KDD collection," in Proc. of 2013 IEEE Wireless Communications and Networking Conference (WCNC), pp.4487-4492, Shanghai, China, Apr. 2013.
  27. K. Cho, K. Mitsuya and A. Kato, "Traffic data repository at the WIDE project," in Proc. of the annual conference on USENIX Annual Technical Conference (ATEC '00), USENIX Association, USA, 2000. Article (CrossRefLink)