Research On Semi-supervised Learning Based ARP Attack Detection Method In SDIIoT

As a key technology for the transformation from traditional industry to intelligent industry,the industrial internet of things(IIoT)develops rapidly with the rise of the internet of things(IoT).IIoT provides enterprises with huge productivity,efficiency,reliability and performance and has great application prospects.However,the form of network security IIoT faces is more severe.The address resolution protocol(ARP)attack has become a typical se curity threat in IIoT.As a new network architecture that separates the control layer and data layer,the software defined network(SDN)realizes the flexible network control and the convenient method deployment.At present,many scholars have introduced t he SDN architecture into IIoT to solve a series of practical problems and challenges.Similarly,this paper uses it to solve the ARP attack in IIoT for its centralized control of the network and easy deployment of the solution.This paper studies the ARP attack detection method based on machine learning in the software defined industrial internet of things(SDIIoT).Firstly,in order to solve the problems of limited feature extraction angle and small number of labeled samples in existing ARP attack detection methods,this paper proposes a multi-factor integration-based semi-supervised learning for ARP attack detection method,called MIS,to better detect ARP attacks in IIoT.This method designs a multi-factor integration-based feature extraction and proposes a semi-supervised learning framework with differential priority sampling and self-training.MIS considers the ARP attack features from different aspects to help the model make correct judgment.Meanwhile,the differential priority sampling enables the base learner in selftraining to learn efficiently from the unlabeled samples with differences.Secondly,in the early stage of a new IIoT scene,the ARP attack classifier with good detection performance cannot be obtained only by a small amount of data.At the same time,due to the different nature of data distribution,the models trained in different scenes are different.In order to effectively use the data of the new scene and its related scene,this paper proposes an ARP attack detection method based on the single-source domain expansion and the priori parameter migration,called Transfer-MIS,to migrate the model parameters of MIS.In this way,the new scene can obtain an efficient ARP classifier.In Transfer-MIS,Bootstrap and clusterbased sampling is used to expand a single-source domain into a multi-source domain in order to jointly enhance the classification performance of the target domain.And the ARP attack detector on the target domain is composed by assigning weights based on mobility to parameters from different sources.In the experiment,this paper evaluates the p erformance of the proposed algorithms based on the real dataset collected from the real IIoT environment and the simulated datasets generated by Mininet.The experiments show that MIS can achieve good performance in detecting ARP attacks.Meanwhile,compared with fully-supervised learning and other popular ARP detection methods,MIS also shows the best performance.In addition,Transfer-MIS can also effectively migrate the knowledge of the source domain on the basis of a small amount of target domain data,so as to obtain an ARP classifier suitable for the current environment.This classifier can achieve better detection performance on the target domain data.