摘要
针对Modbus工业总线协议的特殊性及工控数据样本的不均衡性,利用单类支持向量机(OCSVM)分别构建正常OCSVM模型和异常OCSVM模型,即双轮廓模态来模拟系统通信的正常模式和异常模式,从而实现工控系统异常检测。同时将遗传算法优化自变量降维应用于工控网络入侵检测场景,实现对输入自变量的降维压缩处理,防止OCSVM模型出现过拟合现象及分类准确率低的问题,提高异常检测的精度,缩减建模时间。通过仿真验证了该算法对工控网络异常检测的有效性。
The Modbus industry bus protocol is special,and the network intrusion data sample of industrial control system is not balanced.So this paper used OCSVM to construct double contour model combining normal OCSVM model,and abnormal OCSVM model to simulate the normal mode and abnormal mode of system communication.Then it realized the abnormal detection of industrial control system.In order to prevent the OCSVM model from overfitting and the low accuracy of classification,this paper applied the genetic algorithm to the industrial control network by optimizing the dimensionality reduction of the independent variable.This method improved the accuracy of the anomaly detection and reduced the modeling time.Simulation results show that the proposed algorithm is effective for anomaly detection of industrial network.
作者
闫腾飞
尚文利
赵剑明
乔枫
曾鹏
Yan Tengfei;Shang Wenli;Zhao Jianming;Qiao Feng;Zeng Peng(Faculty of Information&Control Engineering,Shenyang Jianzhu University,Shenyang 110168,China;Shenyang Institute of Automation,Chinese Academy of Sciences,Shenyang 110016,China;Key Laboratory of Networked Control Systems,Chinese Academy of Sciences,Shenyang 110016,China;University of Chinese Academy of Sciences,Beijing 100049,China)
出处
《计算机应用研究》
CSCD
北大核心
2019年第11期3361-3364,共4页
Application Research of Computers
基金
国家重点研发计划项目(2018YFB2004200)
中科院战略性先导科技专项项目(XDC02020200)
国家自然科学基金面上项目(61773368)
预研基金资助项目(614024201011 6Zk63001)
关键词
工业控制系统
异常检测
遗传算法
单类支持向量机
双轮廓模态
industrial control system
anomaly detection
genetic algorithm
one-class support vector machine(OCSVM)
double contour model
