Investigations of Estimates of the Network Traffic Entropy of the IIoT for the Purpose of Early Attack Detection
Keywords:
Information entropy, Communication networks, Anomaly detection, Internet of Things, Computer security
Abstract
The research explores the correlation between the occurrence of an attack and changes in the entropy properties of network traffic. The input data are a sample of the network communication activity of an IIoT control system, together with the attacks that were carried out against it.
Service information is filtered out of the network traffic, which is then digitized by frequency analysis of the content of each recorded packet. This process preserves the key properties of the traffic. The data are aggregated with a cumulative function, and samples are then calculated on the sliding-window principle. The window shifts with a set time step, which supports dynamic monitoring of changes in network traffic and identification of potential threats in real time. Each sample represents a divergence of the distributions. There is no anomaly in the traffic if the difference between the distributions is close to zero. The sensitivity of the algorithm to anomalies depends on the choice of parameters such as the length of the aggregation time interval, the sliding window dimension, and the offset step. It is expected that the obtained measures of dependence of random processes make it possible to determine the fact of intrusion into IIoT systems more resource-efficiently and more effectively than signature analysis. Such an algorithm can potentially increase the level of security and resistance to attack, which is particularly important in the face of growing threats in the digital environment.
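The pipeline the abstract outlines (per-packet byte frequencies, aggregation per time interval, a sliding window, a divergence that stays near zero for normal traffic) can be sketched as follows; this is an added example, not the paper's code. The Jensen-Shannon divergence, the comparison of each window with the one immediately before it, the parameter values and the constructed sample capture are all assumptions, since the abstract does not name them.

```python
from collections import Counter
from math import log2

def aggregate(packets, interval):
    """Sum per-packet byte-frequency counts into consecutive time bins."""
    bins = {}
    for ts, payload in packets:
        bins.setdefault(int(ts // interval), Counter()).update(payload)
    return [bins.get(i, Counter()) for i in range(max(bins) + 1)]

def distribution(counters):
    """Normalise the summed counts of several bins into byte probabilities."""
    total = sum(counters, Counter())
    n = sum(total.values())
    return {b: c / n for b, c in total.items()} if n else {}

def js_divergence(p, q):
    """Jensen-Shannon divergence in bits: 0 for identical, 1 for disjoint."""
    d = 0.0
    for b in set(p) | set(q):
        pb, qb = p.get(b, 0.0), q.get(b, 0.0)
        m = (pb + qb) / 2
        d += 0.5 * sum(x * log2(x / m) for x in (pb, qb) if x)
    return d

def window_scores(bins, window, step):
    """Score each window against the window just before it (assumed pairing)."""
    scores = []
    for start in range(window, len(bins) - window + 1, step):
        ref = distribution(bins[start - window:start])
        cur = distribution(bins[start:start + window])
        scores.append((start, js_divergence(ref, cur)))
    return scores

def first_alert(scores, threshold):
    """Start bin of the first window whose divergence exceeds the threshold."""
    return next((s for s, d in scores if d > threshold), None)

def sample_traffic():
    """Constructed capture: 40 s of polling plus extra packets in seconds 20-29."""
    poll = b"\x00\x01\x00\x00\x00\x06\x01\x03\x00"
    pkts = [(i * 0.25, poll + bytes([i % 4, 0, 2])) for i in range(160)]
    pkts += [(20 + j * 0.25, bytes((j * 7 + k) % 256 for k in range(64)))
             for j in range(40)]
    return pkts

if __name__ == "__main__":
    bins = aggregate(sample_traffic(), interval=1.0)
    scores = window_scores(bins, window=5, step=1)
    for start, d in scores:
        print(f"window at bin {start:2d}: divergence {d:.3f}")
    print("first alert at bin", first_alert(scores, threshold=0.1))
```

Changing `interval`, `window` and `step` shows the sensitivity trade-off the abstract mentions: a longer window smooths the score but delays the first window that crosses the threshold.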
How to cite: A. Sergeichev, "Investigations of Estimates of the Network Traffic Entropy of the IIoT for the Purpose of Early Attack Detection", Systems Engineering and Infocommunications, No. 1, pp. 22–26, Mar. 2025, doi: 10.5281/zenodo.15111797.
Copyright (c) 2025 Systems Engineering and Infocommunications

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.