Industrial Internet of Things ARP Virus Attack Detection Method Based on Improved CNN BiLSTM
DOI:
https://doi.org/10.13052/jcsm2245-1439.13516Keywords:
CNN, BILSTM, pearson correlation coefficient, sequential search, TimeDistribute, bidirectional long short term memory networkAbstract
In order to improve the performance of industrial Internet of Things ARP virus attack detection methods, this paper proposes an improved CNN BiLSTM based industrial Internet of Things ARP virus attack detection method. Firstly, analyze the data flow of normal data, construct an industrial Internet of Things ARP virus intrusion dataset, and obtain the sample distribution of the ETI dataset. Secondly, based on the domain knowledge of ETCN, a preliminary manual selection was performed on all extracted head features, and a feature correlation discrimination algorithm was designed to further screen the features. Then, the Pearson correlation coefficient is used to calculate its linear correlation, the distance correlation coefficient is used to calculate its nonlinear correlation, and a comprehensive calculation formula is designed based on the principle of “maximum correlation and minimum redundancy” to establish a comprehensive measurement coefficient. The value of the features selected in the first stage is ranked using this coefficient, and different feature subsets are constructed through sequential search. Effective features are selected based on the performance of the intrusion detection models trained on different feature subsets. Implement industrial Internet of Things (IoT) ARP feature extraction through feature extraction, data cleaning, feature transformation, and feature selection. Finally, an improved CNN BiLSTM structure is constructed by using CNN to filter out a large number of packets that are not related to the attack and have weak correlation in the data. Significant features are extracted from the data, and the feature data extracted by CNN is timestamped through timeDistribution. After flattening into one-dimensional data through the flat layer, it is used as input to the BILSTM layer. We used a bidirectional long short-term memory network (BILSTM) to train industrial IoT ARP virus attacks and output the final ARP virus attack detection results. The experimental results show that in the first 10 rounds of training, the training accuracy and validation accuracy of the model rapidly increase, indicating that the model learns a large amount of information in this stage of iteration. We achieved high F1 score (94.42%), high accuracy (94.58%), and low false alarm rate (5.33%) on the ETI dataset. The model consumed very little training time (8.0746s) and testing time (0.1664s). Verified the effectiveness of the design model.
Downloads
References
Qian Hongbing, Li Yanli. Design and implementation of a university network attack detection platform based on the Spark framework [J]. Digital Technology and Applications, 2023, 41 (5): 214–217.
Shen Wuqiang, Cui Lei, Xu Mingjie, et al. Research on SQL injection attack detection based on ABLSTM [J]. Micro Computer Application, 2023, 39 (3): 43–46.
Sheng Quanwei. An Intelligent Detection Method for Network Vulnerability Attacks Based on Correlation Analysis [J]. Information and Computer (Theoretical Edition), 2022, 34 (13): 238–240.
Niu Xiaojun. Autonomous detection method for DDoS attacks based on BP neural network [J]. Communication Power Technology, 2023, 40 (3): 153–155.
Li Tongxin, Wang Yong, Zou Chunming, et al. An IFAR attack detection algorithm based on DNP3 protocol [J]. Microcomputer Applications, 2022, 38 (11): 1–5.
Wu Lian, Zhao Chenjie, Wei Pingping, et al. A Computer Virus Detection Method Based on Lightweight Deep Networks [J]. Computer Engineering and Design, 2022, 43 (3): 632–638.
Yang Shixin, Fan Jiulun, Huang Wenhua, et al. Ransom virus detection system based on Android dynamic static fusion industrial equipment [J]. Journal of Xi’an University of Posts and Telecommunications, 2022, 27 (02): 95–101.
Ying Xianer, Chen Xiner, Sun Leyao, et al. Research on Virus Transmission Network Intrusion Detection Based on Graph Neural Networks [J]. Industrial Control Computer, 2023, 36 (5): 104–105.
Yuan Huihua. Research on Anomaly Threat Detection Based on Network Full Traffic Analysis Technology [J]. Changjiang Information and Communication, 2022, 35 (11): 137–139.
Hao Wentao. Research on Traffic Based Intrusion Detection Technology in Industrial Control Networks [J]. Computer Application Abstracts, 2023, 39 (16): 97–100.
Jiang Xiaojing, Wei Yifei. Research and exploration on the detection and prevention of unknown Trojan viruses [J]. China Financial Computer, 2023 (8): 88–90.
Jia Junjie, Duan Chaoqiang. Torch attack detection algorithm based on score dispersion [J]. Computer Engineering and Science, 2022, 44 (03): 554–562.
Fan Yuchen, Liu Xiangkun, Zhu Jiansheng, et al. Research on Web Attack Detection of Service Websites Based on BERT [J]. Computer Technology and Development, 2022, 32 (08): 168–173.
Li Peng, Wang Fangyuan. Design of Network Illegal Intrusion Detection System Based on Big Data Environment [J]. Information Recording Materials, 2022, 23 (11): 223–225.
Feng Guocong, Fan Kai, Ye Wanqi. Design of Network Intrusion Detection System Based on Convolutional Neural Network [J]. Microcomputer Applications, 2023,39 (05): 141–143+154.
Yu Ning, Gu Liang, Di Ting. A Network Attack Detection Model Based on Deep Learning [J]. Fire and Command Control, 2023, 48 (5): 66–74.
Hu Yidan. Cross site Script Attack Detection Model Based on Convolutional Neural Networks [J]. Ship Electronics Engineering, 2023, 43 (6): 110–115.
Sun Qian, Wu Ming. Simulation of Network Client Virus Defense Method under N-Gram Model [J]. Computer Simulation, 2022,39 (10): 400–404.
Published
How to Cite
Issue
Section
License
Copyright (c) 2024 Journal of Cyber Security and Mobility
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
