Improving Method of Anomaly Detection Performance for Industrial IoT Environment
Junwon Kim1, Jiho Shin2, Ki-Woong Park3, Jung Taek Seo4,*
1 Department of Information Security Engineering, Gachon University, Seongnam, 13120, Korea
2 Police Science Institute, Korea National Police University, Asan, 31539, Korea
3 SysCore Lab., Sejong University, Seoul, 05006, Korea
4 Department of Computer Engineering, Gachon University, Seongnam, 13120, Korea
An Industrial Control System (ICS) based on the Industrial IoT (IIoT) provides an intelligent mobile environment that supports various forms of mobility, but relying only on the physical security of the ICS environment has its limits. Because various threat factors can disrupt the workflow of the IIoT, machine learning-based anomaly detection technologies are being proposed; it is also essential to study how to increase detection performance and minimize model errors in order to promote stable ICS operation. In this paper, we establish the requirements for improving anomaly detection performance in the IIoT-based ICS environment by analyzing related cases. We then present a method for improving the performance of a machine learning model specialized for IIoT-based ICS, which increases the detection rate by applying correlation coefficients and clustering and provides a mechanism to predict thresholds on a per-sequence basis. We adopt the HAI dataset environment, which actively reflects the characteristics of IIoT-based ICS, and demonstrate through comparative experiments between the traditional method and our proposed method that performance can be improved. The presented method can further improve the performance of commonly applied error-based detection techniques, and it includes a primary method that improves on existing detection techniques by analyzing correlation coefficients between features in order to account for feedback between ICS components. These results can contribute to improving the performance of several detection models applied in ICS and other areas.
Industrial IoT; industrial control system; anomaly detection; clustering algorithm; correlation coefficient
