Abstract
This study considers the problem of detecting network anomalies caused by computer attacks in the networks of the industrial Internet of things. To detect anomalies, a new method is proposed, built using a hierarchical temporal memory (HTM) computation model based on the neocortex model. An experimental study of the developed method of detecting computer attacks based on the HTM model showed the superiority of the developed solution over the LSTM analog. The developed prototype of the anomaly detection system provides continuous training on unlabeled data sets in real time, takes into account the current network context, and applies the accumulated experience by supporting the memory mechanism.
REFERENCES
Cho, H., Andreev, A., Kalinin, M., Moskvin, D., and Zegzhda, D., Mismatch-resistant intrusion detection with bioinspired suffix tree algorithm, Algorithms and Solutions Based on Computer Technology, Jahn, C., Ungvári, L., and Ilin, I., Eds., Lecture Notes in Networks and Systems, vol. 387, Cham: Springer, 2022, pp. 1–16. https://doi.org/10.1007/978-3-030-93872-7_1
Petrenko, S.A., Petrenko, A.A., and Kostyukov, A.D., Cyber resilience of digital ecosystems, Zashch. Inf. Insaid, 2021, no. 4, pp. 17–23.
Fatin, A.D. and Pavlenko, E.Yu., Protection against network attacks on cyberphysical systems based on neuroevolution algorithms, Informatsionnaya bezopasnost’ regionov Rossii (IBRR-2021). Materialy XII Sankt-Peterburgskoi mezhregional'noi konferentsii (Information Security of Russian Regions: Proc. 12th St. Petersburg Interregional Conf.), Sovetov, B.Ya., Yusupov, R.M. and Kasatkin, V.V., Eds., St. Petersburg, 2021, pp. 345–346.
Ovasapyan, T.D., Nikulkin, V.A., and Moskvin, D.A., Applying honeypot technology with adaptive behavior to internet-of-things networks, Autom. Control Comput. Sci., 2021, vol. 55, no. 8, pp. 1104–1110. https://doi.org/10.3103/s0146411621080253
Hawkins, J. and Blakeslee, S., On Intelligence, New York: Times Books, 2004.
Krundyshev, V. and Kalinin, M., Prevention of cyber attacks in smart manufacturing applying modern neural network methods, IOP Conf. Ser.: Mater. Sci. Eng., 2020, vol. 940, no. 1, p. 012011. https://doi.org/10.1088/1757-899x/940/1/012011
Problems that fit htm, Numenta, Tech. Rep., 2006.
Hawkins, J., Hierarchical temporal memory including cortical learning algorithms. Technical report, Numenta, Inc. Ver. 0.2.1, 2011.
Moustafa, N. and Slay, J., UNSW-NB15: A comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set), 2015 Military Communications and Information Systems Conference (MilCIS), Canberra, Australia, 2015, IEEE, 2015, pp. 1–6. https://doi.org/10.1109/milcis.2015.7348942
Belenko, V., Krundyshev, V., and Kalinin, M., Synthetic datasets generation for intrusion detection in VANET, Proc. 11th Int. Conf. on Security of Information and Networks, Cardiff, UK, 2018, New York: Association for Computing Machinery, 2018, p. 9. https://doi.org/10.1145/3264437.3264479
Ahmad, S., Lavin, A., Purdy, S., and Agha, Z., Unsupervised real-time anomaly detection for streaming data, Neurocomputing, 2017, vol. 262, pp. 134–147. https://doi.org/10.1016/j.neucom.2017.04.070
Singh, A., Anomaly detection for temporal data using long short-term memory (LSTM), MSc Thesis, Stockholm: KTH Royal Institute of Technology, 2017.
Cui, Yu., Ahmad, S., and Hawkins, J., Continuous online sequence learning with an unsupervised neural network model, Neural Comput., 2016, vol. 28, no. 11, pp. 2474–2504. https://doi.org/10.1162/neco_a_00893
Haddad, J. and Piehl, C., Unsupervised anomaly detection in time series with recurrent neural networks, Student Thesis, Stockholm: KTH Royal Institute of Technology, 2019. https://urn.kb.se/resolve?urn=urn%3Anbn% 3Ase%3Akth%3Adiva-259655.
Funding
The research is funded by the Ministry of Science and Higher Education of the Russian Federation as part of the World-Class Research Center program: Advanced Digital Technologies (contract no. 075-15-2022-311 dated April 20, 2022).
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
The authors of this work declare that they have no conflicts of interest.
Additional information
Publisher’s Note.
Allerton Press remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
About this article
Cite this article
Krundyshev, V.M., Markov, G.A., Kalinin, M.O. et al. Cyberattack Detection in the Industrial Internet of Things Based on the Computation Model of Hierarchical Temporal Memory. Aut. Control Comp. Sci. 57, 1040–1046 (2023). https://doi.org/10.3103/S0146411623080114
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.3103/S0146411623080114