摘要
为解决当前主流工控流量异常检测方法检测覆盖率较低的问题,分析这类检测方法的特点,综合考虑通信流量中流量层、数据包层及内容层3种影响因素,提出一种分层依赖关系建模的工控异常检测方法。使用流量、数据包以及内容3个层次的特征,通过并行LSTM神经网络构建不同层内数据间的依赖关系,建立粒度由粗到细的分层依赖关系模型,扩大流量特征建模的覆盖率,提升对工控异常流量的检测能力。实验结果表明,该方法检测精确率达到了96.9%,与不分层的模型相比检测精确率提高了7.2%。
To deal with the low detection coverage of most currently ICS traffic anomaly detection methods,the characteristics of such detection methods were analyzed,and three influencing factors of the traffic layer,the data packet layer and the content la-yer in communication traffic were also taken into consideration,and ICS anomaly detection based on hierarchical dependency modeling was proposed.Characteristics of the data flow layer,the packet layer and the content were used to build the dependencies among different layers of data through the parallel LSTM neural network,to establish a hierarchical dependency model with coarse-to-fine granularity,expand coverage of traffic feature modeling,and enhance the ability of detecting ICS abnormal traffic.Results of experimental evaluation show that the detection precision of this method reaches 96.9%,which is improved by 7.2%compared with that of the non-layered model.
作者
张壮壮
陈永乐
王建华
陈俊杰
ZHANG Zhuang-zhuang;CHEN Yong-le;WANG Jian-hua;CHEN Jun-jie(College of Information and Computer,Taiyuan University of Technology,Taiyuan 030024,China)
出处
《计算机工程与设计》
北大核心
2021年第6期1542-1550,共9页
Computer Engineering and Design
基金
山西省自然科学基金重点基金项目(201701D111002)
山西省自然科学基金青年基金项目(201601D021074)。
