摘要
工业控制系统入侵检测是工业网络中的一个难点问题,存在着系统建立速度慢、模型更新代价高和扩展性差等不足,因此提出一种基于增量单类支持向量机(one-class support vector machine,OCSVM)的工业控制系统入侵检测方法.根据正常Modbus/TCP数据信息,利用OCSVM算法学习正常行为的通信模式.随着新样本的持续增加,为了提高学习速度,进一步利用临近分类间隔和KKT条件对当前训练样本集进行约减,约减后的训练样本再次进行快速增量OCSVM训练.经过实验结果分析,证明了该方法在保持较高分类精度的同时提高了入侵检测系统的增量学习速度.
Intrusion detection in industrial control systems is a challenging problem in industrial networks and is usually characterized by low speed,high cost,and poor scalability. We use the one-class support vector machine (OCSVM) algorithm in a communication model of learning normal behavior from normal Modbus/TCP date sets. As the new sample continues to increase,the current training sample set is reduced from the nearclass interval and Karush-Kuhn-Tucker (KKT) conditions to improve the learning speed,and the reduced training sample set is used in the OCSVM incremental training. Our experimental data analysis shows that this method has higher classification accuracy and improves the learning speed of the intrusion detection system.
作者
李挺
洪镇南
刘智勇
肖体正
LI Ting;HONG Zhennan;LIU Zhiyong;XIA0Tizheng(The School of Electrical Engineering,University of South China,Hengyang 421001,China;Zhuhai FIR Information Technology Co.Ltd,Zhuhai 519080,China)
出处
《信息与控制》
CSCD
北大核心
2018年第6期755-760,共6页
Information and Control
基金
湖南省自然科学基金资助项目(2017JJ4048)
关键词
增量学习
入侵检测
单类支持向量机
信息安全
incremental learning
intrusion detection
one-class support vector machine (OCSVM)
information security
