Research On Encrypted Traffic Classification And Intrusion Detection Methods Of Industrial Internet Of Things

As the industrial internet of things develops,More and more control systems,sensors,and application data are encrypted in order to safeguard network security.The randomness of its load characteristics is strengthened after traffic encryption,and statistical properties also alter.It is challenging to recognize and handle encrypted traffic using conventional detection and analysis techniques for non-encrypted data.While there are notable differences in network topology and encryption methods for encrypted traffic in industrial automation scenarios,most existing research on encrypted traffic primarily focuses on internet traffic.This has created new issues and challenges for the security and management of the industrial internet of things.This paper focuses on the issue that it is challenging to detect and identify encrypted traffic in the industrial internet of things.This research investigates a number of deep learning and federated learning network traffic classification techniques to enable application classification and intrusion detection of encrypted traffic in the industrial internet of things without the need for decryption.These are the specifics of the work:(1)Application classification for industrial internet of things encrypted traffic.First,a classifier training model for automatically extracting encrypted traffic features was built based on three algorithms:1D-CNN,LSTM,and CNN-LSTM,fully taking into account the geographical and temporal properties of encrypted information.Then apply Softmax to obtain the classification results and implement the application classification task of encrypted traffic(10 application categories).The experimental results demonstrate that using a classification model based on 1D-CNN has faster training speed and highest classification accuracy,as 1D-CNN has stronger generalization ability,can efficiently utilize local features of the front and back data when processing temporal data,and achieves better classification performance.(2)Intrusion detection for encrypted traffic on the industrial internet of things.In order to address the issue of network attacks on the encrypted traffic of the industrial internet of things,the industrial internet of things connection protocol’s 11 attack traffic and regular traffic are discovered and evaluated.In order to build an intrusion detection model,a strategy based on federated learning and several deep learning algorithms is first developed,taking into account the features of encrypted traffic and the privacy protection of industrial data.Intrusion detection of encrypted communication is accomplished through multi-party cooperative training of the model.The experimental results demonstrate that the performance of the intrusion detection model based on the 1D-CNN algorithm under the federated learning architecture has faster training speed and the highest accuracy,further verifying that the 1D-CNN algorithm can extract more features and has stronger generalization ability when processing time series data.Additionally,the accuracy of using federated training is only 0.5%lower than that of centralized training,which can guarantee the efficacy of network encrypted traffic intrusion detection and also guarantee the security and privacy of industrial user data.The study’s findings serve as a crucial technical foundation for the analysis and identification of encrypted traffic in the industrial internet of things and have significant guiding implications for enhancing its management and security.