Identification method for malicious traffic in industrial Internet under new unknown attack scenarios.

Aiming at the problem of traffic data distribution shift caused by new unknown attacks in the industrial Internet, a malicious traffic identification method based on neighborhood filtering and stable learning was proposed to enhance the effectiveness and robustness of the existing graph neural network model in identifying known malicious traffic. Firstly, the graph structure of the traffic data was modeled to capture the topological relationship and interaction mode in communication behavior. Secondly, the traffic subgraph was divided based on the neighborhood filtering mechanism of biased sampling to eliminate the pseudo-homogeneity between communication behaviors. Finally, the statistical independence of high-dimensional traffic features was realized by applying graph representation learning and stable learning strategies, combined with adaptive sample weighting and collaborative loss optimization methods. The experimental results on two benchmark datasets show that compared with the baseline method, the recognition performance of the proposed method is increased by more than 2.7% in the new unknown attack scenario, which shows its high efficiency and practicability in the industrial Internet environment. [ABSTRACT FROM AUTHOR]