
Networked Industrial Control Device Asset Identification Method Based on Improved Decision Tree

Journal of Network and Systems Management

Abstract

Industrial control device asset identification is essential to the active defense and situational awareness systems for industrial control network security. However, industrial control device asset information is challenging to obtain, and efficient asset detection models and identification methods are urgently needed. Existing active detection techniques send many packets to the system, affecting device operation, while passive identification can only analyze publicly available industrial control data. To address this problem, we propose an asset identification method comprising networked industrial control device asset detection, fingerprint feature extraction and classification. The proposed method uses TCP SYN half-open probing in the asset detection phase to reduce the number of packets sent and to remove honeypot device data. The fingerprint feature extraction phase considers the periodicity and long-term stability characteristics of industrial control devices and proposes a set of asset fingerprint feature combinations. The classification phase uses an improved decision tree algorithm based on feature weight correction and uses the AdaBoost ensemble learning algorithm to strengthen the classification model. The experimental results show that the detection technique proposed by our method has the advantages of high efficiency, low frequency and noise immunity.
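As an added illustration (not the paper's code), the following shows how a decision-stump learner can apply a feature-weight correction before AdaBoost: each stump's gain is multiplied by an assumed long-term stability weight, so a feature that separates the training data perfectly but drifts over time (here the TCP window) is not selected. The fingerprint samples, the feature set and the stability weights are constructed assumptions, not data or rules from the paper.

```python
import math

# Constructed fingerprint samples (TCP TTL, TCP window, beacon period in seconds),
# labelled 1 = PLC-class device, 0 = other host. Illustrative values, not measured data.
SAMPLES = [
    ((64, 1024, 1.0), 1), ((64, 1024, 1.0), 1), ((64, 2048, 1.0), 1), ((64, 1024, 1.2), 1),
    ((128, 65535, 0.1), 0), ((128, 8192, 0.3), 0), ((64, 65535, 0.2), 0), ((128, 65535, 3.0), 0),
]
# Assumed feature-weight correction (not the paper's exact rule): each feature's gain is
# multiplied by a long-term stability weight in (0, 1]. The TCP window is treated as
# unstable (it varies with load); TTL and beacon period as stable across observations.
STABILITY = [1.0, 0.2, 0.9]

def stump_out(x, f, t, pol):
    """Decision stump: 1 if pol*(x[f] - t) >= 0 else 0 (pol=-1 tests x[f] <= t)."""
    return 1 if pol * (x[f] - t) >= 0 else 0

def best_stump(X, y, w):
    """Return (err, f, t, pol) maximising corrected gain (0.5 - err) * STABILITY[f]."""
    best = None
    for f in range(len(X[0])):
        for t in sorted({x[f] for x in X}):
            for pol in (1, -1):
                err = sum(wi for x, yi, wi in zip(X, y, w) if stump_out(x, f, t, pol) != yi)
                gain = (0.5 - err) * STABILITY[f]
                if best is None or gain > best[0]:
                    best = (gain, err, f, t, pol)
    return best[1:]

def adaboost(samples, rounds=3):
    X = [s[0] for s in samples]; y = [s[1] for s in samples]
    n = len(X); w = [1.0 / n] * n; model = []
    for _ in range(rounds):
        err, f, t, pol = best_stump(X, y, w)
        if err >= 0.5:              # no stump better than chance: stop boosting
            break
        alpha = 0.5 * math.log((1 - err) / max(err, 1e-12))
        for i, x in enumerate(X):   # up-weight misclassified fingerprints
            w[i] *= math.exp(-alpha if stump_out(x, f, t, pol) == y[i] else alpha)
        total = sum(w); w = [wi / total for wi in w]
        model.append((alpha, f, t, pol))
    return model

def predict(model, x):
    score = sum(a * (1 if stump_out(x, f, t, pol) else -1) for a, f, t, pol in model)
    return 1 if score > 0 else 0

def training_accuracy(model, samples):
    return sum(predict(model, x) == yi for x, yi in samples) / len(samples)

if __name__ == "__main__":
    m = adaboost(SAMPLES)
    print([(round(a, 3), f, t, pol) for a, f, t, pol in m], training_accuracy(m, SAMPLES))
```

With these samples the three boosted stumps use only TTL and beacon period, and the ensemble classifies every training fingerprint correctly without the unstable window feature.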



Availability of Data and Materials

More information about the data can be obtained by contacting the corresponding author.

Code Availability

More information about the code can be obtained by contacting the corresponding author.


Funding

This work was supported by the National Key R&D Program of China NO.2021YFB3101700 and technology project funding from the State Grid Corporation of China NO.5700-202228452A-2-0-ZN.

Author information


Contributions

WY proposed experimental ideas, evaluated experimental data, and drafted the manuscript. YSF, ZXM and YJS designed experimental procedures, collected data, and assisted in manuscript writing. ZWJ and YY revised the manuscript and evaluated the data. All authors read and approved the final manuscript.

Corresponding author

Correspondence to Yushan Fang.

Ethics declarations

Conflict of interest

The authors declare no competing interests.

Ethics Approval

Not applicable.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.


About this article


Cite this article

Yang, W., Fang, Y., Zhou, X. et al. Networked Industrial Control Device Asset Identification Method Based on Improved Decision Tree. J Netw Syst Manage 32, 32 (2024). https://doi.org/10.1007/s10922-024-09805-z


  • DOI: https://doi.org/10.1007/s10922-024-09805-z
