Efficient SVH2M for information anomaly detection in manufacturing processes on system call

• Chao-Hsien Hsieh,
• Fengya Xu,
• Qingqing Yang,
• Dehong Kong,

Vol. 18, No. 10, October 31, 2024
10.3837/tiis.2024.10.009, Download Paper (Free):

• Hidden Markov Model
• Support Vector Machine
• system call
• Intrusion Detection

Abstract

With the integration of the manufacturing process in the Internet, cybersecurity becomes even more important in the process of factory operations. Because of the complexity of data traffic in the manufacturing industry, the identification and classification of anomalous behavior is an important direction of current research. System calls are made at the operating system level. Therefore, the use of system call sequences can detect potential threats much earlier. So, this paper chooses system call information as the research object. System call orderliness is an ideal property for analysis of using hidden Markov model. In terms of methodology, the SVH2M model improves the performance and efficiency of attack detection in manufacturing systems. The SVH2M model combines pSVM with mHMM. The pSVM and mHMM models use SVMPSA and PATA. pSVM is first used to initially categorize the system call sequences into normal and abnormal categories. The classification of pSVM can reduce the amount of data. This reduces the error rate of mHMM processing. Next, mHMM is built for different types of known anomalies. The SVH2M model in the false positive rate is lower than that of hidden Markov model. The experimental results show that the AUC of the improved model is increased by 17%. The average Mismatch Rate is reduced by 16%. The performance and efficiency of detecting anomalous information are improved in manufacturing systems.

Statistics

Cite this article