Abstract
Efficient anomaly detection methods are urgently needed to prevent attacks in the application layer of the Industrial Internet of Things (IIoT). The existing intrusion detection systems have certain limitations in detecting abnormal packets exploited by the application-layer attacks. In this article, a content-agnostic-payload-based anomaly detector named the CapBad is proposed to detect malicious packets in the application layer of the IIoT system. Specifically, a phase-aware hidden semi-Markov model (pHSMM) is used to model the industrial control protocol packets and automatically learn the packets’ payload characteristics. The packet types are then inferred based on the packet likelihoods obtained by the pHSMM. In addition, the probabilistic suffix tree is employed to analyze the packets’ contextual similarity to the historical packets. The abnormal packets are finally detected by comparing their contextual similarity with that of the historical normal packets. The proposed algorithm is verified by simulations, and the results show that the CapBad has an excellent performance in detecting abnormal packets in the application layer.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
