Honeypot Intrusion Detection System using an Adversarial Reinforcement Learning for Industrial Control Networks
محورهای موضوعی : Majlesi Journal of Telecommunication Devices
Abbasgholi Pashaei
1
(Department of Electrical Engineering, Ahar Branch, Islamic Azad University, Ahar, Iran)
Mohammad Esmaeil Akbari
2
(Department of Electrical Engineering, Ahar Branch, Islamic Azad University, Ahar, Iran)
Mina Zolfy Lighvan
3
(Department of Electrical and Computer Engineering Faculty, Tabriz University, Tabriz, Iran)
Asghar Charmin
4
(Department of Electrical Engineering, Ahar Branch, Islamic Azad University, Ahar, Iran)
کلید واژه: intrusion detection, Honeypot, adversarial learning, Markov Decision Process,
چکیده مقاله :
Distributed Denial of Service (DDoS) attacks are a significant threat, especially for the Internet of Things (IoT). One approach that is practically used to protect the network against DDoS attacks is the honeypot. This study proposes a new adversarial Deep Reinforcement Learning (DRL) model that can deliver better performance using experiences gained from the environment. Further regulation of the agent's behavior is made with an adversarial goal. In such an environment, an attempt is made to increase the difficulty level of predictions deliberately. In this technique, the simulated environment acts as a second agent against the primary environment. To evaluate the performance of the proposed method, we compare it with two well-known types of DDoS attacks, including NetBIOS and LDAP. Our modeling overcomes the previous models in terms of weight accuracy criteria (> 0.98) and F-score (> 0.97). The proposed adversarial RL model can be especially suitable for highly unbalanced datasets. Another advantage of our modeling is that there is no need to segregate the reward function.