Industrial Control Intrusion Detection Based on a Semi-supervised Clustering Strategy
Published: 2019-04-01 07:22
[Abstract]: To address viruses and Trojan horses that attack the application-layer network protocols of industrial control systems, this paper analyzes the rules of the Modbus/TCP communication protocol and proposes a semi-supervised clustering strategy based on clustering and support vector machines. The strategy combines unsupervised fuzzy C-means clustering (FCM) with a supervised support vector machine (SVM) to realize semi-supervised machine learning for industrial control anomaly detection. First, the Modbus/TCP communication traffic of the industrial control system is extracted and pre-processed; fuzzy C-means clustering then yields the cluster centers, the distance between each communication record and the cluster centers is computed, and the subset of records that satisfies a threshold condition is further classified by an SVM whose parameters are optimized by a genetic algorithm (GA). Experimental results show that, compared with traditional intrusion detection methods, this method combines unsupervised and supervised learning perfectly and, without requiring class labels to be known in advance, effectively reduces training time and improves classification accuracy.
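The abstract describes a two-stage pipeline: FCM finds cluster centers in unlabeled Modbus/TCP traffic features, records that lie clearly inside a cluster are labelled directly, and only the records that fail the distance threshold are handed to an SVM. The following is an added, self-contained Python sketch of that routing logic; it is not the paper's code. Its assumptions: the per-flow feature vector (function code, register quantity, packets per second, scaled to [0, 1]) and the sample flows are constructed; the confidence threshold is expressed as a minimum FCM membership rather than a raw distance; the SVM is a linear primal SVM trained with fixed hyper-parameters instead of the paper's GA-optimized one; and the confidently clustered records serve as the SVM's pseudo-labelled training set, which is one reading of "no class labels needed in advance".

```python
# Added example (not the paper's code): FCM clusters Modbus/TCP flow features,
# confidently clustered flows are labelled directly, ambiguous flows are deferred
# to a linear SVM trained on the confident ones. Features, flows and thresholds
# are constructed; the paper's GA hyper-parameter search is replaced by fixed values.
import math

def _dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def _memberships(points, centers, m):
    """U[k][i]: fuzzy membership of point k in cluster i (standard FCM formula)."""
    U = []
    for p in points:
        d = [_dist(p, c) for c in centers]
        if min(d) == 0.0:  # point sits exactly on a center: crisp membership
            U.append([1.0 if di == 0.0 else 0.0 for di in d])
        else:
            U.append([1.0 / sum((d[i] / d[j]) ** (2.0 / (m - 1.0)) for j in range(len(centers)))
                      for i in range(len(centers))])
    return U

def fuzzy_c_means(points, init_centers, m=2.0, iters=200, tol=1e-7):
    """Alternate membership and center updates until the centers stop moving."""
    centers = [list(c) for c in init_centers]
    n, dim = len(points), len(points[0])
    for _ in range(iters):
        U = _memberships(points, centers, m)
        new_centers = []
        for i in range(len(centers)):
            w = [U[k][i] ** m for k in range(n)]
            new_centers.append([sum(w[k] * points[k][j] for k in range(n)) / sum(w)
                                for j in range(dim)])
        shift = max(_dist(a, b) for a, b in zip(centers, new_centers))
        centers = new_centers
        if shift < tol:
            break
    return centers, _memberships(points, centers, m)

def farthest_pair(points):
    """Deterministic seed for c=2: the two most distant samples (assumption, not the paper's init)."""
    best, pair = -1.0, None
    for i in range(len(points)):
        for j in range(i + 1, len(points)):
            d = _dist(points[i], points[j])
            if d > best:
                best, pair = d, (points[i], points[j])
    return [list(pair[0]), list(pair[1])]

def train_linear_svm(X, y, lam=0.01, lr=0.1, epochs=3000):
    """Primal linear SVM (L2 + hinge) by full-batch subgradient descent; y in {-1, +1}."""
    dim, n = len(X[0]), len(X)
    w, b = [0.0] * dim, 0.0
    for _ in range(epochs):
        gw, gb = [lam * wi for wi in w], 0.0
        for x, yi in zip(X, y):
            if yi * (sum(wi * xi for wi, xi in zip(w, x)) + b) < 1.0:  # inside the margin
                gw = [g - yi * xi / n for g, xi in zip(gw, x)]
                gb -= yi / n
        w = [wi - lr * g for wi, g in zip(w, gw)]
        b -= lr * gb
    return w, b

def svm_predict(model, x):
    w, b = model
    return 1 if sum(wi * xi for wi, xi in zip(w, x)) + b >= 0.0 else -1

def flow_features(rec):
    """Constructed per-flow features: (function code, register quantity, packets/s) scaled to [0, 1]."""
    fc, qty, rate = rec
    return [fc / 255.0, min(qty, 125) / 125.0, min(rate, 100.0) / 100.0]

def classify_flows(records, conf=0.8):
    """Two-cluster FCM; membership >= conf is accepted, everything else is routed to the SVM."""
    pts = [flow_features(r) for r in records]
    centers, U = fuzzy_c_means(pts, farthest_pair(pts))
    labels, deferred, X, y = [None] * len(pts), [], [], []
    for k, row in enumerate(U):
        i = 0 if row[0] >= row[1] else 1
        if row[i] >= conf:
            labels[k] = i
            X.append(pts[k])
            y.append(1 if i == 1 else -1)  # cluster ids used as pseudo-labels (assumption)
        else:
            deferred.append(k)
    model = train_linear_svm(X, y)
    for k in deferred:
        labels[k] = int(svm_predict(model, pts[k]) == 1)
    return {"centers": centers, "labels": labels, "deferred": deferred, "svm": model}

# Constructed flows: (function code, register quantity, packets per second)
FLOWS = [
    (3, 10, 5), (3, 12, 6), (4, 8, 4), (3, 10, 7),                # routine polling reads
    (16, 120, 90), (16, 118, 85), (6, 125, 95), (16, 122, 88),    # burst of large writes
    (5, 56, 40), (6, 75, 55),                                     # ambiguous, routed to the SVM
]

if __name__ == "__main__":
    res = classify_flows(FLOWS)
    print("centers:", [[round(v, 3) for v in c] for c in res["centers"]], "labels:", res["labels"], "deferred:", res["deferred"])
```

The cluster ids that come out of FCM carry no meaning on their own; mapping "the cluster the routine polling landed in" to benign and the other to anomalous is an analyst decision that sits outside both the clustering and the SVM. The membership threshold `conf` is the knob the abstract calls the threshold condition: raising it sends more flows to the SVM (slower, more accurate on borderline traffic), lowering it trusts the clustering more.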
[Author affiliations]: School of Automation and Electrical Engineering, Shenyang Ligong University; Shenyang Institute of Automation, Chinese Academy of Sciences; Key Laboratory of Networked Control Systems, Chinese Academy of Sciences
[Funding]: National 863 High-Tech Program project (2015AA043901)
[Classification codes]: TP273; TP393.08
Document ID: 2451357
Link: https://www.wllwen.com/guanlilunwen/ydhl/2451357.html