摘要
为解决传统入侵检测算法无法准确识别过程控制攻击的问题,提出一种基于改进胶囊网络的过程控制攻击检测方法。该算法利用多层卷积在提取复杂输入特征方面的优势,将原始流量转化为灰度图像进行初级特征提取;同时引入残差连接以解决梯度消失问题,利用胶囊网络特有的动态路由机制对初级特征进行聚类。使用2017 QUT_S7comm数据集进行实验。结果表明:所提方法在测试集上的准确率可达94.64%,在验证集上对各类攻击的识别准确率均在90%以上,实验证明所提方法可以有效预防针对工控系统的过程控制攻击。
In order to solve the problem that traditional intrusion detection algorithms cannot accurately identify process control attacks,a process control attack detection method based on improved capsule network was proposed.The proposed algorithm took advantage of multi-layer convolution in extracting complex input features,converted the original traffic into grayscale images for primary feature extraction.Residual connections were introduced to solve the problem of vanishing gradients.The dynamic routing mechanism specific to capsule network was used to cluster primary features.2017 QUT_S7comm dataset was used for experiments.The results show that the test accuracy of the proposed method can reach 94.64%.The recognition accuracy of various attacks on the validation set is above 90%.Experiments show that the proposed method can effectively prevent process control attacks against industrial control systems.
作者
袁野
宗学军
何戡
连莲
YUAN Ye;ZONG Xue-jun;HE Kan;LIAN Lian(School of Information Engineering,Shenyang University of Chemical Technology,Shenyang 110142,China;Liaoning Key Laboratory of Information Security in Petrochemical Industry,Shenyang 110142,China)
出处
《科学技术与工程》
北大核心
2023年第12期5170-5175,共6页
Science Technology and Engineering
基金
辽宁省“兴辽英才计划”项目(XLYC2002085)
中央引导地方科技发展基金项目(辽科发规[20.23]7号-36)。
关键词
过程控制攻击
胶囊网络
卷积网络
残差连接
动态路由
process control attack
capsule network
convolutional network
residual connection
dynamic routing
