摘要
为发展工控网络智能化管理,研究工控网络中设备类型的自动识别技术,提出一种基于流量分类的设备类型识别方法,综合报文首部特征以及有效载荷隐含特征。利用随机森林模型,筛选报文首部字段中工控网络流量分类的关键特征;利用一维卷积神经网络,提取流量有效载荷的隐含特征;两种特征融合完成流量分类,基于流量分类结果实现设备类型识别。实验结果表明,由该方法训练的模型可高效完成设备流量分类,准确识别工控设备类型。
To develop the intelligent management of industrial control system(ICS)network security,the automatic identification technology for devices in ICS network was studied,and a devices identification method based on traffic classification was proposed,in which the packet header features and payload features were integrated.From segments of packet header,key features were selected through a random forest model.A one-dimensional convolutional neural network was used to extract hidden features from the payload.These two kinds of features were fused to classify packets in flow,and based on the flow classification results,types of devices were identified.Experimental results verify that the model obtained using the method can accomplish flow classification efficiently,which makes sure ICS devices type can be accurately identified.
作者
程晟滔
王诗蕊
张耀方
张哲宇
王子博
王佰玲
CHENG Sheng-tao;WANG Shi-rui;ZHANG Yao-fang;ZHANG Zhe-yu;WANG Zi-bo;WANG Bai-ling(School of Computer Science and Technology,Harbin Institute of Technology at Weihai,Weihai 264209,China;Inspection and Evaluation Institute,National Industrial Information Security Development Research Center,Beijing 100040,China;Research Institute of Cyberspace Security,Harbin Institute of Technology,Harbin 150001,China)
出处
《计算机工程与设计》
北大核心
2023年第7期1952-1960,共9页
Computer Engineering and Design
基金
国防基础科研计划基金项目(JCKY2019608B001)。
关键词
工业控制系统
设备识别
流量分类
随机森林
特征重要性
卷积神经网络
特征融合
industrial control system
device identification
traffic classification
random forest
feature importance
convolutional neural network
feature fusion
