基于特征提取的工业控制系统入侵检测研究

Intrusion detection of industrial control system based on ADASYN-PSO-DBN feature extraction

为解决工业控制系统网络环境中不同类型网络流量的不平衡性、网络数据的高维性、非线性等问题,采用自适应合成采样(adaptive synthetic sampling,ADASYN)技术以克服工控入侵检测系统中普遍存在的类不平衡问题;用随机森林(random forest,RF)算法对工控网络入侵特征进行提取,递归特征消除(recursive feature elimination,RFE)方法用于选择影响工控网络入侵检测性能的主要特征;利用粒子群算法(particle swarm optimization,PSO)优化DBN的隐含层节点数,得到最优的DBN结构,构成基于深度信念网络(deep belief network,DBN)的分类模型,将其实践在工控入侵检测标准数据集.实验结果表明,该模型显著提升了工控入侵检测的性能.

The integration of the two processes brings certain safety risks to industrial production process.How to effectively detect whether the industrial control system is threatened by intrusion is a difficult problem in the research of industrial control security.In order to solve the problems of unbalanced network traffic of different types,high dimensional and non-linear network data in the network environment of industrial control system,Adaptive Synthetic Sampling(ADASYN)technology is used to overcome the class unbalanced problem in industrial intrusion detection system.Random Forest algorithm is used to extract the industrial network intrusion features,and Recursive Feature Elimination method is used to select the main features that affect the performance of industrial network intrusion detection.Then Particle Swarm Optimization(PSO)is employed to optimize the number of hidden layer nodes of DBN to obtain the optimal DBN structure.Finally,a classification model based on deep belief network(DBN)is constructed,which is implemented in industrial intrusion detection standard dataset.Experimental results show that this model strikingly enhances the performance of industrial intrusion detection.