摘要
基于通信行为的异常检测是工业控制系统入侵检测的难点问题.通过利用粒子群优化(particle swarm optimization,PSO)算法对单类支持向量机(one-class support vector machine,OCSVM)算法的参数进行优化,提出一种PSO-OCSVM算法.该算法根据正常的Modbus功能码序列建立正常通信行为的入侵检测模型,识别出异常的Modbus TCP通信流量.通过仿真对比分析,证明PSO-OCSVM算法满足工业控制系统通信异常检测对高效性、可靠性和实时性的需求.
The detection of anomalous communication behavior is a challenging problem with respect to detecting intrusions in industrial control systems. We utilize the particle swarm optimization (PSO) algorithm to optimize the parameters of the one-class support vector machine (OCSVM), and further propose the PSO-OCSVM al- gorithm. According to the function codes of the standard Modbus transmission control protocol (TCP), we developed an intrusion detection model of normal communication behavior to enable the identification of abnormal Modbus TCP communication. A comparison and analysis of the simulation confirms that the proposed algorithm is demonstrably efficient, reliable, and operates in real-time, and thus has the potential to meet the requirements of anomaly detection in industrial control systems.
出处
《信息与控制》
CSCD
北大核心
2015年第6期678-684,共7页
Information and Control
基金
国家自然科学基金资助项目(61501447)
中国科学院网络化控制系统重点实验室自主课题资助项目
关键词
单类支持向量机
入侵检测
Modbus功能码
粒子群优化
one-class support vector machine
intrusion detection
Modbus function code
particle swarm optimization
