Anomaly detection is becoming increasingly significant in industrial cyber security, and different machine-learning algorithms have been widely acknowledged as effective intrusion detection engines that successfully identify cyber attacks. However, different machine-learning algorithms may exhibit different detection effects even if they analyze the same feature samples. As a consequence, after developing one feature generation approach, the most effective and applicable detection engines should be carefully selected by comparing the distinct properties of each machine-learning algorithm. Based on process control features generated by directed function transition diagrams, this paper introduces five different machine-learning algorithms as alternative detection engines to discuss their matching abilities. Furthermore, this paper not only describes some qualitative properties to compare their advantages and disadvantages, but also presents an in-depth and meticulous study of their detection accuracies and time consumption. In the verification experiments, two attack models and four different attack intensities are defined to facilitate all quantitative comparisons, and the impact of the feature parameter on detection accuracy is also comparatively analyzed. The experimental results clearly indicate that SVM (Support Vector Machine) and WNN (Wavelet Neural Network) are suggested as two applicable detection engines under differing cases.
Funding: This work is supported by the Scientific Research Project of Educational Department of Liaoning Province (Grant No. LJKZ0082), the Program of Hainan Association for Science and Technology Plans to Youth R&D Innovation (Grant No. QCXM201910), the National Natural Science Foundation of China (Grant Nos. 61802092 and 92067110), the Hainan Provincial Natural Science Foundation of China (Grant No. 620RC562), and the 2020 Industrial Internet Innovation and Development Project-Industrial Internet Identification Data Interaction Middleware and Resource Pool Service Platform Project, Ministry of Industry and Information Technology of the People's Republic of China.