Machine learning to automate network segregation for enhanced security in industry 4.0

Firooz B. Saghezchi; Georgios Mantas; José Ribeiro; Alireza Esfahani; Hassan Alizadeh; Joaquim Bastos; Jonathan Rodriguez

doi:10.1007/978-3-030-05195-2_15

Machine learning to automate network segregation for enhanced security in industry 4.0

Firooz B. Saghezchi^*, Georgios Mantas, José Ribeiro, Alireza Esfahani, Hassan Alizadeh, Joaquim Bastos, Jonathan Rodriguez

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

1 Citation (Scopus)

Abstract

The heavy reliance of Industry 4.0 on emerging communication technologies, notably Industrial Internet-of-Things (IIoT) and Machine-Type Communications (MTC), and the increasing exposure of these traditionally isolated infrastructures to the Internet, are tremendously increasing the attack surface. Network segregation is a viable solution to address this problem. It essentially splits the network into several logical groups (subnetworks) and enforces adequate security policy on each segment, e.g., restricting unnecessary intergroup communications or controlling the access. However, existing segregation techniques primarily depend on manual configurations, which renders them inefficient for cyber-physical production systems because they are highly complex and heterogeneous environments with massive number of communicating machines. In this paper, we incorporate machine learning to automate network segregation, by efficiently classifying network end-devices into several groups through examining the traffic patterns that they generate. For performance evaluation, we analysed the data collected from a large segment of Infineon’s network in the context of the EU funded ECSEL-JU project “SemI40”. In particular, we applied feature selection and trained several supervised learning algorithms. Test results, using 10-fold cross validation, revealed that the algorithms generalise very well and achieve an accuracy up to 99.4%.

Original language	English
Title of host publication	Broadband Communications, Networks, and Systems - 9th International EAI Conference, Broadnets 2018, Proceedings
Editors	Saud Althunibat, Victor Sucasas, Georgios Mantas
Publisher	Springer
Pages	149-158
Number of pages	10
ISBN (Print)	9783030051945
DOIs	https://doi.org/10.1007/978-3-030-05195-2_15
Publication status	Published - 2019
Externally published	Yes
Event	9th International EAI Conference on Broadband Communications, Networks, and Systems, Broadnets 2018 - Faro, Portugal Duration: 19 Sep 2018 → 20 Sep 2018

Publication series

Name	Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST
Volume	263
ISSN (Print)	1867-8211

Conference

Conference	9th International EAI Conference on Broadband Communications, Networks, and Systems, Broadnets 2018
Country/Territory	Portugal
City	Faro
Period	19/09/18 → 20/09/18

Keywords

Cyber-physical production systems
IIoT
Industry 4.0
Machine learning
MTC
Network segregation
Security
Traffic classification

Access to Document

10.1007/978-3-030-05195-2_15Licence: Unspecified

Cite this

Saghezchi, F. B., Mantas, G., Ribeiro, J., Esfahani, A., Alizadeh, H., Bastos, J., & Rodriguez, J. (2019). Machine learning to automate network segregation for enhanced security in industry 4.0. In S. Althunibat, V. Sucasas, & G. Mantas (Eds.), Broadband Communications, Networks, and Systems - 9th International EAI Conference, Broadnets 2018, Proceedings (pp. 149-158). (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST; Vol. 263). Springer. https://doi.org/10.1007/978-3-030-05195-2_15

Saghezchi, Firooz B. ; Mantas, Georgios ; Ribeiro, José et al. / Machine learning to automate network segregation for enhanced security in industry 4.0. Broadband Communications, Networks, and Systems - 9th International EAI Conference, Broadnets 2018, Proceedings. editor / Saud Althunibat ; Victor Sucasas ; Georgios Mantas. Springer, 2019. pp. 149-158 (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST).

@inproceedings{956903e5133a42388abb875ee7db415c,

title = "Machine learning to automate network segregation for enhanced security in industry 4.0",

abstract = "The heavy reliance of Industry 4.0 on emerging communication technologies, notably Industrial Internet-of-Things (IIoT) and Machine-Type Communications (MTC), and the increasing exposure of these traditionally isolated infrastructures to the Internet, are tremendously increasing the attack surface. Network segregation is a viable solution to address this problem. It essentially splits the network into several logical groups (subnetworks) and enforces adequate security policy on each segment, e.g., restricting unnecessary intergroup communications or controlling the access. However, existing segregation techniques primarily depend on manual configurations, which renders them inefficient for cyber-physical production systems because they are highly complex and heterogeneous environments with massive number of communicating machines. In this paper, we incorporate machine learning to automate network segregation, by efficiently classifying network end-devices into several groups through examining the traffic patterns that they generate. For performance evaluation, we analysed the data collected from a large segment of Infineon{\textquoteright}s network in the context of the EU funded ECSEL-JU project “SemI40”. In particular, we applied feature selection and trained several supervised learning algorithms. Test results, using 10-fold cross validation, revealed that the algorithms generalise very well and achieve an accuracy up to 99.4%.",

keywords = "Cyber-physical production systems, IIoT, Industry 4.0, Machine learning, MTC, Network segregation, Security, Traffic classification",

author = "Saghezchi, {Firooz B.} and Georgios Mantas and Jos{\'e} Ribeiro and Alireza Esfahani and Hassan Alizadeh and Joaquim Bastos and Jonathan Rodriguez",

note = "Funding Information: Acknowledgment. The authors would like to thank Infineon Technologies, especially Christian Zechner and Stephan Spittaler for their great support in data acquisition and identifying the addressed challenges. It is also acknowledged that this work has been developed within Power Semiconductor and Electronics Manufacturing 4.0 (SemI40) project, under grant agreement No. 692466, co-funded by grants from Austria, Germany, Italy, France, Portugal (through Funda{\c c}{\~a}o para a Ci{\^e}ncia e Tecnologia ECSEL/0009/2015) and Electronic Component Systems for European Leadership Joint Undertaking (ECSEL JU). Publisher Copyright: {\textcopyright} ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2019. Copyright: Copyright 2019 Elsevier B.V., All rights reserved.; 9th International EAI Conference on Broadband Communications, Networks, and Systems, Broadnets 2018 ; Conference date: 19-09-2018 Through 20-09-2018",

year = "2019",

doi = "10.1007/978-3-030-05195-2_15",

language = "English",

isbn = "9783030051945",

series = "Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST",

publisher = "Springer",

pages = "149--158",

editor = "Saud Althunibat and Victor Sucasas and Georgios Mantas",

booktitle = "Broadband Communications, Networks, and Systems - 9th International EAI Conference, Broadnets 2018, Proceedings",

address = "Germany",

}

Saghezchi, FB, Mantas, G, Ribeiro, J, Esfahani, A, Alizadeh, H, Bastos, J & Rodriguez, J 2019, Machine learning to automate network segregation for enhanced security in industry 4.0. in S Althunibat, V Sucasas & G Mantas (eds), Broadband Communications, Networks, and Systems - 9th International EAI Conference, Broadnets 2018, Proceedings. Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST, vol. 263, Springer, pp. 149-158, 9th International EAI Conference on Broadband Communications, Networks, and Systems, Broadnets 2018, Faro, Portugal, 19/09/18. https://doi.org/10.1007/978-3-030-05195-2_15

Machine learning to automate network segregation for enhanced security in industry 4.0. / Saghezchi, Firooz B.; Mantas, Georgios; Ribeiro, José et al.

Broadband Communications, Networks, and Systems - 9th International EAI Conference, Broadnets 2018, Proceedings. ed. / Saud Althunibat; Victor Sucasas; Georgios Mantas. Springer, 2019. p. 149-158 (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST; Vol. 263).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Machine learning to automate network segregation for enhanced security in industry 4.0

AU - Saghezchi, Firooz B.

AU - Mantas, Georgios

AU - Ribeiro, José

AU - Esfahani, Alireza

AU - Alizadeh, Hassan

AU - Bastos, Joaquim

AU - Rodriguez, Jonathan

N1 - Funding Information: Acknowledgment. The authors would like to thank Infineon Technologies, especially Christian Zechner and Stephan Spittaler for their great support in data acquisition and identifying the addressed challenges. It is also acknowledged that this work has been developed within Power Semiconductor and Electronics Manufacturing 4.0 (SemI40) project, under grant agreement No. 692466, co-funded by grants from Austria, Germany, Italy, France, Portugal (through Fundação para a Ciência e Tecnologia ECSEL/0009/2015) and Electronic Component Systems for European Leadership Joint Undertaking (ECSEL JU). Publisher Copyright: © ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2019. Copyright: Copyright 2019 Elsevier B.V., All rights reserved.

PY - 2019

Y1 - 2019

N2 - The heavy reliance of Industry 4.0 on emerging communication technologies, notably Industrial Internet-of-Things (IIoT) and Machine-Type Communications (MTC), and the increasing exposure of these traditionally isolated infrastructures to the Internet, are tremendously increasing the attack surface. Network segregation is a viable solution to address this problem. It essentially splits the network into several logical groups (subnetworks) and enforces adequate security policy on each segment, e.g., restricting unnecessary intergroup communications or controlling the access. However, existing segregation techniques primarily depend on manual configurations, which renders them inefficient for cyber-physical production systems because they are highly complex and heterogeneous environments with massive number of communicating machines. In this paper, we incorporate machine learning to automate network segregation, by efficiently classifying network end-devices into several groups through examining the traffic patterns that they generate. For performance evaluation, we analysed the data collected from a large segment of Infineon’s network in the context of the EU funded ECSEL-JU project “SemI40”. In particular, we applied feature selection and trained several supervised learning algorithms. Test results, using 10-fold cross validation, revealed that the algorithms generalise very well and achieve an accuracy up to 99.4%.

AB - The heavy reliance of Industry 4.0 on emerging communication technologies, notably Industrial Internet-of-Things (IIoT) and Machine-Type Communications (MTC), and the increasing exposure of these traditionally isolated infrastructures to the Internet, are tremendously increasing the attack surface. Network segregation is a viable solution to address this problem. It essentially splits the network into several logical groups (subnetworks) and enforces adequate security policy on each segment, e.g., restricting unnecessary intergroup communications or controlling the access. However, existing segregation techniques primarily depend on manual configurations, which renders them inefficient for cyber-physical production systems because they are highly complex and heterogeneous environments with massive number of communicating machines. In this paper, we incorporate machine learning to automate network segregation, by efficiently classifying network end-devices into several groups through examining the traffic patterns that they generate. For performance evaluation, we analysed the data collected from a large segment of Infineon’s network in the context of the EU funded ECSEL-JU project “SemI40”. In particular, we applied feature selection and trained several supervised learning algorithms. Test results, using 10-fold cross validation, revealed that the algorithms generalise very well and achieve an accuracy up to 99.4%.

KW - Cyber-physical production systems

KW - IIoT

KW - Industry 4.0

KW - Machine learning

KW - MTC

KW - Network segregation

KW - Security

KW - Traffic classification

U2 - 10.1007/978-3-030-05195-2_15

DO - 10.1007/978-3-030-05195-2_15

M3 - Conference contribution

AN - SCOPUS:85059783006

SN - 9783030051945

T3 - Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST

SP - 149

EP - 158

BT - Broadband Communications, Networks, and Systems - 9th International EAI Conference, Broadnets 2018, Proceedings

A2 - Althunibat, Saud

A2 - Sucasas, Victor

A2 - Mantas, Georgios

PB - Springer

T2 - 9th International EAI Conference on Broadband Communications, Networks, and Systems, Broadnets 2018

Y2 - 19 September 2018 through 20 September 2018

ER -

Saghezchi FB, Mantas G, Ribeiro J, Esfahani A, Alizadeh H, Bastos J et al. Machine learning to automate network segregation for enhanced security in industry 4.0. In Althunibat S, Sucasas V, Mantas G, editors, Broadband Communications, Networks, and Systems - 9th International EAI Conference, Broadnets 2018, Proceedings. Springer. 2019. p. 149-158. (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST). Epub 2018 Dec 30. doi: 10.1007/978-3-030-05195-2_15

Machine learning to automate network segregation for enhanced security in industry 4.0

Abstract

Publication series

Conference

Keywords

Access to Document

Fingerprint

Cite this