School of Cybersecurity, Korea University, Seoul 02841, Korea.
Sensors (Basel). 2021 Mar 11;21(6):1976. doi: 10.3390/s21061976.
Cybersecurity in Industrial Internet of Things (IIoT) has become critical as smart cities are becoming increasingly linked to industrial control systems (ICSs) used in critical infrastructure. Consequently, data-driven security systems for analyzing massive amounts of data generated by smart cities have become essential. A representative method for analyzing large-scale data is the game bot detection approach used in massively multiplayer online role-playing games. We reviewed the literature on bot detection methods to extend the anomaly detection approaches used in bot detection schemes to IIoT fields. Finally, we proposed a process wherein the data envelopment analysis (DEA) model was applied to identify features for efficiently detecting anomalous behavior in smart cities. Experimental results using random forest show that our extracted features based on a game bot can achieve an average F1-score of 0.99903 using 10-fold validation. We confirmed the applicability of the analyzed game-industry methodology to other fields and trained a random forest on the high-efficiency features identified by applying a DEA, obtaining an F1-score of 0.997 using the validation set approach. In this study, an anomaly detection method for analyzing massive smart city data based on a game industry methodology was presented and applied to the ICS dataset.
工业物联网 (IIoT) 中的网络安全变得至关重要,因为智慧城市越来越多地与用于关键基础设施的工业控制系统 (ICS) 相连。因此,用于分析智慧城市产生的大量数据的数据驱动安全系统变得至关重要。分析大规模数据的一种代表性方法是在大型多人在线角色扮演游戏中使用的游戏机器人检测方法。我们回顾了关于机器人检测方法的文献,将机器人检测方案中使用的异常检测方法扩展到 IIoT 领域。最后,我们提出了一个流程,其中应用数据包络分析 (DEA) 模型来识别特征,以有效地检测智慧城市中的异常行为。使用随机森林的实验结果表明,我们基于游戏机器人提取的特征在 10 倍验证中可实现平均 F1 得分为 0.99903。我们确认了所分析的游戏行业方法在其他领域的适用性,并在应用 DEA 确定的高效特征上训练了随机森林,使用验证集方法获得了 0.997 的 F1 得分。在这项研究中,提出了一种基于游戏行业方法的大规模智慧城市数据分析异常检测方法,并将其应用于 ICS 数据集。
