Abstract

Issues of improving algorithms for detecting network attacks in a heterogeneous industrial Internet of Things network based on machine learning technologies for subsequent integration with subsystems of a security operation center are considered. A block diagram of a network attack detection system and an algorithm for the intelligent analysis of network traffic parameters in the task of detecting malicious network activity are developed. Variants of constructing ensembles of classifiers based on machine learning models and heterogeneous neural network models are analyzed. The F1 score for test samples from publicly available datasets of labeled network traffic is as high as 96%. The possibility of embedding the proposed models into software and hardware modules is discussed. A virtual testbed for assessing the effectiveness of machine learning models for detecting network attacks is developed.

中文翻译：

---

基于机器学习的异构工业网络中的网络攻击检测

摘要

考虑基于机器学习技术改进异构工业物联网网络中网络攻击检测算法，以便后续与安全运营中心子系统集成的问题。开发了网络攻击检测系统的框图和在检测恶意网络活动的任务中智能分析网络流量参数的算法。分析了基于机器学习模型和异构神经网络模型构建分类器集成的变体。来自公开的标记网络流量数据集的测试样本的 F1 分数高达 96%。讨论了将所提出的模型嵌入到软件和硬件模块中的可能性。