TY - JOUR
T1 - X-IIoTID
T2 - A Connectivity-Agnostic and Device-Agnostic Intrusion Data Set for Industrial Internet of Things
AU - Al-Hawawreh, Muna
AU - Sitnikova, Elena
AU - Aboutorab, Neda
PY - 2022/3/1
Y1 - 2022/3/1
N2 - Industrial Internet of Things (IIoT) is a high-value cyber target due to the nature of the devices and connectivity protocols they deploy. They are easy to compromise and, as they are connected on a large scale with high-value data content, the compromise of any single device can extend to the whole system and disrupt critical functions. There are various security solutions that detect and mitigate intrusions. However, as they lack the capability to deal with an IIoT's co-existing heterogeneity and interoperability, developing new universal security solutions to fit its requirements is critical. This is challenging due to the scarcity of accurate data about IIoT systems' activities, connectivities, and attack behaviors. In addition, owing to their multiplatform connectivity protocols and multivendor devices, collecting and creating such data are also challenging. To tackle these issues, we propose a holistic approach for generating an appropriate intrusion data set for an IIoT called X-IIoTID, a connectivity-agnostic and device-agnostic intrusion data set for fitting the heterogeneity and interoperability of IIoT systems. It includes the behaviors of new IIoT connectivity protocols, activities of recent devices, diverse attack types and scenarios, and various attack protocols. It defines an attack taxonomy and consists of multiview features, such as network traffic, host resources, logs and alerts. X-IIoTID is evaluated using popular machine and deep learning algorithms and compared with 18 intrusion data sets to verify its novelty.
AB - Industrial Internet of Things (IIoT) is a high-value cyber target due to the nature of the devices and connectivity protocols they deploy. They are easy to compromise and, as they are connected on a large scale with high-value data content, the compromise of any single device can extend to the whole system and disrupt critical functions. There are various security solutions that detect and mitigate intrusions. However, as they lack the capability to deal with an IIoT's co-existing heterogeneity and interoperability, developing new universal security solutions to fit its requirements is critical. This is challenging due to the scarcity of accurate data about IIoT systems' activities, connectivities, and attack behaviors. In addition, owing to their multiplatform connectivity protocols and multivendor devices, collecting and creating such data are also challenging. To tackle these issues, we propose a holistic approach for generating an appropriate intrusion data set for an IIoT called X-IIoTID, a connectivity-agnostic and device-agnostic intrusion data set for fitting the heterogeneity and interoperability of IIoT systems. It includes the behaviors of new IIoT connectivity protocols, activities of recent devices, diverse attack types and scenarios, and various attack protocols. It defines an attack taxonomy and consists of multiview features, such as network traffic, host resources, logs and alerts. X-IIoTID is evaluated using popular machine and deep learning algorithms and compared with 18 intrusion data sets to verify its novelty.
KW - Cybersecurity
KW - data set
KW - Industrial Internet of Things (IIoT)
KW - intrusion detection
UR - http://www.scopus.com/inward/record.url?scp=85112605420&partnerID=8YFLogxK
U2 - 10.1109/JIOT.2021.3102056
DO - 10.1109/JIOT.2021.3102056
M3 - Article
AN - SCOPUS:85112605420
SN - 2327-4662
VL - 9
SP - 3962
EP - 3977
JO - IEEE Internet of Things Journal
JF - IEEE Internet of Things Journal
IS - 5
ER -