Abstract
The heavy reliance of Industry 4.0 on emerging communication technologies, notably Industrial Internet-of-Things (IIoT) and Machine-Type Communications (MTC), and the increasing exposure of these traditionally isolated infrastructures to the Internet, are tremendously increasing the attack surface. Network segregation is a viable solution to address this problem. It essentially splits the network into several logical groups (subnetworks) and enforces adequate security policy on each segment, e.g., restricting unnecessary intergroup communications or controlling the access. However, existing segregation techniques primarily depend on manual configurations, which renders them inefficient for cyber-physical production systems because they are highly complex and heterogeneous environments with massive number of communicating machines. In this paper, we incorporate machine learning to automate network segregation, by efficiently classifying network end-devices into several groups through examining the traffic patterns that they generate. For performance evaluation, we analysed the data collected from a large segment of Infineon’s network in the context of the EU funded ECSEL-JU project “SemI40”. In particular, we applied feature selection and trained several supervised learning algorithms. Test results, using 10-fold cross validation, revealed that the algorithms generalise very well and achieve an accuracy up to 99.4%.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Esfahani, A., et al.: A lightweight authentication mechanism for M2M communications in industrial IoT environment. IEEE Internet Things J. (2017). https://doi.org/10.1109/JIOT.2017.2737630
Finsterbusch, M., Richter, C., Rocha, E., Muller, J.A., Hanssgen, K.: A survey of payload-based traffic classification approaches. IEEE Commun. Surv. Tutor. 16(2), 1135–1156 (2014)
Shi, H., Li, H., Zhang, D., Cheng, C., Cao, X.: An efficient feature generation approach based on deep learning and feature selection techniques for traffic classification. Comput. Netw. 132, 81–98 (2018)
Zhang, J., Chen, C., Xiang, Y., Zhou, W., Xiang, Y.: Internet traffic classification by aggregating correlated naive Bayes predictions. IEEE Trans. Inf. Forensics Secur. 8(1), 5–15 (2013)
Valenti, S., Rossi, D., Dainotti, A., Pescapè, A., Finamore, A., Mellia, M.: Reviewing traffic classification. In: Biersack, E., Callegari, C., Matijasevic, M. (eds.) Data Traffic Monitoring and Analysis. LNCS, vol. 7754, pp. 123–147. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-36784-7_6
Zhang, J., Chen, X., Xiang, Y., Zhou, W., Wu, J.: Robust network traffic classification. IEEE/ACM Trans. Netw. (TON) 23(4), 1257–1270 (2015)
Kim, H., Claffy, K.C., Fomenkov, M., Barman, D., Faloutsos, M., Lee, K.: Internet traffic classification demystified: myths, caveats, and the best practices. In: Proceedings of the 2008 ACM CoNEXT Conference, pp. 11:1–11:12. ACM (2008)
Williams, N., Zander, S., Armitage, G.: A preliminary performance comparison of five machine learning algorithms for practical IP traffic flow classification. ACM SIGCOMM Comput. Commun. Rev. 36(5), 7–15 (2006)
Nguyen, T.T., Armitage, G.: A survey of techniques for internet traffic classification using machine learning. IEEE Commun. Surv. Tutor. 10(4), 56–76 (2008)
McGregor, A., Hall, M., Lorier, P., Brunskill, J.: Flow clustering using machine learning techniques. In: Barakat, C., Pratt, I. (eds.) PAM 2004. LNCS, vol. 3015, pp. 205–214. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24668-8_21
Erman, J., Arlitt, M., Mahanti, A.: Traffic classification using clustering algorithms. In: Proceedings of the SIGCOMM Workshop on Mining network data, pp. 281–286. ACM (2006)
Moore, A.W., Zuev, D.: Internet traffic classification using Bayesian analysis techniques. ACM SIGMETRICS Perform. Eval. Rev. 33(1), 50–60 (2005)
Acknowledgment
The authors would like to thank Infineon Technologies, especially Christian Zechner and Stephan Spittaler for their great support in data acquisition and identifying the addressed challenges. It is also acknowledged that this work has been developed within Power Semiconductor and Electronics Manufacturing 4.0 (SemI40) project, under grant agreement No. 692466, co-funded by grants from Austria, Germany, Italy, France, Portugal (through Fundação para a Ciência e Tecnologia ECSEL/0009/2015) and Electronic Component Systems for European Leadership Joint Undertaking (ECSEL JU).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Saghezchi, F.B. et al. (2019). Machine Learning to Automate Network Segregation for Enhanced Security in Industry 4.0. In: Sucasas, V., Mantas, G., Althunibat, S. (eds) Broadband Communications, Networks, and Systems. BROADNETS 2018. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 263. Springer, Cham. https://doi.org/10.1007/978-3-030-05195-2_15
Download citation
DOI: https://doi.org/10.1007/978-3-030-05195-2_15
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-05194-5
Online ISBN: 978-3-030-05195-2
eBook Packages: Computer ScienceComputer Science (R0)