Abstract
Industry 4.0 holds the promise of greater automation and productivity but also introduces new security risks to critical industrial control systems from unsecured devices and machines. Networks need to play a larger role in stopping attacks before they disrupt essential infrastructure as host-centric IT security solutions, such as anti-virus and software patching, have been ineffective in preventing IoT devices from getting compromised. We propose a network-centric, behavior-learning based, anomaly detection approach for securing such vulnerable environments. We demonstrate that the predictability of TCP traffic from IoT devices can be exploited to detect different types of DDoS attacks in real-time, using unsupervised machine learning (ML). From a small set of features, our ML classifier can separate normal and anomalous traffic. Our approach can be incorporated in a larger system for identifying compromised end-points despite IP spoofing, thus allowing the use of SDN-based mechanisms for blocking attack traffic close to the source. Compared to supervised ML methods, our unsupervised ML approaches are easier to instrument and are more effective in detecting new and unseen attacks.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
