Trees Bootstrap Aggregation for Detection and Characterization of IoT-SCADA Network Traffic

Bibliographic Details
Published in IEEE transactions on industrial informatics Vol. 20; no. 4; pp. 1 - 12
Main Authors Ahakonye, Love Allen Chijioke; Nwakanma, Cosmas Ifeanyi; Lee, Jae-Min; Kim, Dong-Seong
Format Journal Article
Language English
Published Piscataway IEEE 01.04.2024
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)

Summary: The accelerated industrial transformation has witnessed the supervisory control and data acquisition (SCADA) transit from monolithic to the Internet of Things (IoT-SCADA). The development also transformed conventional specialized serial-based to transmission control protocol/internet protocol reliant standard communication protocols, such as IEC-60870-5-104 (IEC-104), thereby increasing vulnerability to attacks and intrusions. Maintaining the reliability and availability of IoT-SCADA demands versatile and robust monitoring of network traffic. This study proposes a monitoring technique to detect and characterize the IEC-104 IoT-SCADA network traffic. The proposed trees bootstrap aggregation monitoring technique of GridSearchCV() hyperparameter tuning of 11 n-estimator, 20 max-depth, and 5-k cross-validation achieved early detection and characterization. Experimental results demonstrate its sensitivity and precision in detecting and classifying various network traffic and application types at a minimal execution time while reducing false alarm rates, which is vital for mitigating intrusions in heterogeneous IoT-SCADA networks.
ISSN: 1551-3203, 1941-0050
DOI: 10.1109/TII.2023.3333438