摘要
实现自主深度分析工业网络通信安全态势是工业互联网安全研究的重要课题。为了实现工业互联网安全态势分析,基于网络通信数据流特征的深度分析,进行通信数据特征挖掘和网络入侵检测。根据网络流特征的不同,提出从传统通信网络到工业网络的数据流特征知识迁移思想,利用卷积神经网络归一化处理网络流特征,实现网络安全异常检测。实验表明,提出的特征分析技术在2种网络数据中具有良好的迁移性,工业网络异常检测的正确率在93%以上,并且稳定性在0.29%的方差以内。
The autonomous security situation awareness on industrial networks communication has been a critical subject for industrial networks security analysis.In this paper,a CNN-based feature mining method for networks communication dataflow was proposed to intrusion detect industrial networks to extract security situation awareness.Specifically,a normalization technique uniforming different sorts of networks dataflow features was designed for dataflow features fusion in the proposed feature mining method.The proposed methods were used to detect the security situation of traditional IT networks and industrial control networks.Experiment results showed that the proposed feature analysis method had good transferability in the two network data,and the accuracy rate of network anomaly detection was ideal and had higher stability.
作者
张定华
胡祎波
曹国彦
刘勇
石元兵
黄明浩
潘泉
ZHANG Dinghua;HU Yibo;CAO Guoyan;LIU Yong;SHI Yuanbing;HUANG Minghao;PAN Quan(School of Automation, Northwestern Polytechnical University, Xi′an 710072, China;Shaanxi SecureCon Technologies, Co. Ltd, Xi′an 710072, China;Chengdu Westone Information Industry INC, Chengdu 610000, China)
出处
《西北工业大学学报》
EI
CAS
CSCD
北大核心
2020年第1期199-208,共10页
Journal of Northwestern Polytechnical University
基金
“核高基”国家重大专项(2017ZX01030-201)
陕西省自然科学基金(2019JQ-342)资助
关键词
工控网络安全
数据流知识迁移
归一化处理
网络异常检测
industrial network security
data flow knowledge transfer
normalization
network anomaly detection
