Exploring the Power of Convolutional Neural Networks for Encrypted Industrial Protocols Recognition

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216305%3A26220%2F24%3APU149997" target="_blank" >RIV/00216305:26220/24:PU149997 - isvavai.cz</a>

Výsledek na webu

<a href="https://www.sciencedirect.com/science/article/abs/pii/S2352467723002771" target="_blank" >https://www.sciencedirect.com/science/article/abs/pii/S2352467723002771</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1016/j.segan.2023.101269" target="_blank" >10.1016/j.segan.2023.101269</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Exploring the Power of Convolutional Neural Networks for Encrypted Industrial Protocols Recognition

Popis výsledku v původním jazyce

The main objective of this paper is to classify unencrypted and encrypted industrial protocols using deep learning, especially Convolutional Neural Networks. Protocol recognition is important for network security and network analysis. Overall knowledge of industrial protocols and networks is crucial, especially in operational technologies. Five industrial protocol standards are under investigation, namely IEC 60870-5-104, IEC 61850 (MMS, GOOSE, SV) and Modbus/TCP. It is also investigated whether the selected protocols can be recognized in their encrypted version. Furthermore, it is investigated whether this encrypted traffic is recognizable from the use of VPN technology. Three convolutional neural network models were trained to recognize industrial protocols. These networks outperform traditional machine learning in pattern recognition in several areas of classification. By converting the captured traffic into image data that convolutional neural networks work with, differences in the encrypted traffic of different industrial protocols can be recognized. Three scenarios (1D, 2D, PKT) are presented using convolutional neural network models with 1D and 2D architectures. Training, testing and validation data are used to verify each scenario. An accuracy of 96-97 % is achieved for the recognition of unencrypted and encrypted industrial protocols. According to the results, 2D convolutional neural network model is faster than 1D and PKT models. The 1D and 2D models are suitable for use in protocol specific networks. Another application of these models can be anomaly detection in these networks. The PKT model is useful in networks with multiple industry protocols because it can evaluate network traffic on a packet-by-packet basis.

Název v anglickém jazyce

Exploring the Power of Convolutional Neural Networks for Encrypted Industrial Protocols Recognition

Popis výsledku anglicky

The main objective of this paper is to classify unencrypted and encrypted industrial protocols using deep learning, especially Convolutional Neural Networks. Protocol recognition is important for network security and network analysis. Overall knowledge of industrial protocols and networks is crucial, especially in operational technologies. Five industrial protocol standards are under investigation, namely IEC 60870-5-104, IEC 61850 (MMS, GOOSE, SV) and Modbus/TCP. It is also investigated whether the selected protocols can be recognized in their encrypted version. Furthermore, it is investigated whether this encrypted traffic is recognizable from the use of VPN technology. Three convolutional neural network models were trained to recognize industrial protocols. These networks outperform traditional machine learning in pattern recognition in several areas of classification. By converting the captured traffic into image data that convolutional neural networks work with, differences in the encrypted traffic of different industrial protocols can be recognized. Three scenarios (1D, 2D, PKT) are presented using convolutional neural network models with 1D and 2D architectures. Training, testing and validation data are used to verify each scenario. An accuracy of 96-97 % is achieved for the recognition of unencrypted and encrypted industrial protocols. According to the results, 2D convolutional neural network model is faster than 1D and PKT models. The 1D and 2D models are suitable for use in protocol specific networks. Another application of these models can be anomaly detection in these networks. The PKT model is useful in networks with multiple industry protocols because it can evaluate network traffic on a packet-by-packet basis.

Druh

J_imp - Článek v periodiku v databázi Web of Science

CEP obor

—

OECD FORD obor

20203 - Telecommunications

Projekt

<a href="/cs/project/FW07010004" target="_blank" >FW07010004: Využití předností sítí páté generace pro monitorování, optimalizaci a zefektivnění výrobního procesu v chytrých továrnách</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Rok uplatnění

2024

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název periodika

Sustainable Energy, Grids and Networks

ISSN

2352-4677

e-ISSN

—

Svazek periodika

38

Číslo periodika v rámci svazku

June 2024

Stát vydavatele periodika

GB - Spojené království Velké Británie a Severního Irska

Počet stran výsledku

11

Strana od-do

1-11

Kód UT WoS článku

001172210100001

EID výsledku v databázi Scopus

2-s2.0-85182874251