Open Access

ARTICLE

Identifying Industrial Control Equipment Based on Rule Matching and Machine Learning

Yuhao Wang, Yuying Li, Yanbin Sun, Yu Jiang^*

Cyberspace Institute of Advanced Technology (CIAT), Guangzhou University, Guangzhou, 510006, China

* Corresponding Author: Yu Jiang. Email:

(This article belongs to the Special Issue: Cyberspace Intelligent Mapping and Situational Awareness)

Computer Modeling in Engineering & Sciences 2023, 137(1), 577-605. https://doi.org/10.32604/cmes.2023.026791

Received 26 September 2022; Accepted 05 January 2023; Issue published 23 April 2023

Abstract

To identify industrial control equipment is often a key step in network mapping, categorizing network resources, and attack defense. For example, if vulnerable equipment or devices can be discovered in advance and the attack path can be cut off, security threats can be effectively avoided and the stable operation of the Internet can be ensured. The existing rule-matching method for equipment identification has limitations such as relying on experience and low scalability. This paper proposes an industrial control device identification method based on PCA-Adaboost, which integrates rule matching and machine learning. We first build a rule base from network data collection and then use single and multi-protocol rule-matching methods to identify the type of industrial control devices. Finally, we utilize PCA-Adaboost to identify unlabeled data. The experimental results show that the recognition rate of this method is better than that of the traditional Nmap device recognition method and the device recognition accuracy rate reaches 99%. The evaluation effect of the test data set is significantly enhanced.

---

Keywords

---