Fiden: Intelligent Fingerprint Learning for Attacker Identification in the Industrial Internet of Things.
作者:
Yuanfang Chen;Weitong Hu;Muhammad Alam;Ting Wu
作者机构:
Hangzhou Dianzi Univ, Sch Cyberspace, Hangzhou 310018, Peoples R China.
语种:
英文
关键词:
Security;Industries;Feature extraction;Protocols;Voltage measurement;SCADA systems;Attacker identification;fingerprinting devices;Industrial Internet of Things (IIoT);Internet of Things Security
期刊:
IEEE TRANSACTIONS ON INDUSTRIAL INFORMATICS
ISSN:
1551-3203
年:
2021
卷:
17
期:
2
页码:
882-890
基金类别:
National Natural Science Foundation of ChinaNational Natural Science Foundation of China (NSFC); Project of Qianjiang Talent [61802097, QJD1802020]
摘要:
This article studies the attacker identification issue in the Industrial Internet of Things (IIoT). There have been already some work that uses device fingerprinting to identify attackers, and the transmission offset of the device internal clock signals is used as the device's fingerprint. However, the existing work to measure the offset relies on the periodic transmission of signals, but in many types of IIoT devices, the signal transmission is aperiodic. To eliminate the limitation on the periodicity, in this article, we design an algorithm, Fiden, to fingerprint heterogeneous IIoT devices without considering the periodicity. This algorithm extracts the patterns from the time series of signal transmission, and then learns the fingerprint of a device by clustering the patterns. We demonstrate the applicability of Fiden by a real case study on the communications environment of the vehicle industry. The results show that the proposed algorithm helps identify the devices-mounted attacks. Compared with the clock-based intrusion detection system (CIDS), when the timestamp and accumulated clock offset of the signal transmission are used as the features for pattern extraction, Fiden's accuracy is increased by
<inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"><tex-math notation="LaTeX">$15{%}$</tex-math></inline-formula>
and
<inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"><tex-math notation="LaTeX">$15{%}$</tex-math></inline-formula>
to these two features, precision is increased by
<inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"><tex-math notation="LaTeX">$25{%}$</tex-math></inline-formula>
and
<inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"><tex-math notation="LaTeX">$23{%}$</tex-math></inline-formula>
, recall is increased by
<inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"><tex-math notation="LaTeX">$28{%}$</tex-math></inline-formula>
and
<inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"><tex-math notation="LaTeX">$18{%}$</tex-math></inline-formula>
, and F1 score is increased by
<inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"><tex-math notation="LaTeX">$28{%}$</tex-math></inline-formula>
and
<inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"><tex-math notation="LaTeX">$21{%}$</tex-math></inline-formula>
.
