Abstract
To address the limited computing resources of industrial control systems, together with their time-sensitive intrusion detection and demand for high detection accuracy, a migration training method is proposed that separates model training from detection. The training of the classification algorithm's prediction model is moved to computing equipment outside the industrial control system; the industrial control system receives prediction-model updates in real time over a high-speed network and uploads detected samples that have training value. To make the model achieve good detection performance, a random property constraints strategy is proposed to improve the beetle antennae search algorithm, and the improved beetle antennae search algorithm is used to optimize the parameters of the XGBoost classification algorithm. Experimental results show that the method has a high detection rate, a low false alarm rate and fast detection speed, and is suitable for intrusion detection in industrial control systems.
Authors
汪祖民
田纪宇
王宝凤
WANG Zu-min; TIAN Ji-yu; WANG Bao-feng (College of Information Technology, Dalian University, Dalian 116622, China; School of Network Engineering, Zhoukou Normal University, Zhoukou 466001, China)
Source
Computer Engineering and Design (《计算机工程与设计》)
Peking University Core Journal
2021, Issue 8, pp. 2108-2114 (7 pages)
Funding
National Natural Science Foundation of China (61702071).
Keywords
migration training
beetle antennae search algorithm
XGBoost
random property constraints
industrial control system
intrusion detection