基于组合神经网络的启发式工控系统异常检测模型

发布时间：2019-06-06 17:15

【摘要】：为了提高工控系统入侵的检测率,讨论了传统工控入侵检测技术的原理,并从信息论的观点进行了对比研究.通过对工控系统特异性及其攻击手法的建模,归纳出工控攻击在协议栈、统计特性、通信行为等方面表现出的动态和静态指纹,基于一种新的异构信息的抽象方法,提出并实现了一个基于组合神经网络的启发式工控系统异常检测模型.测试结果表明该检测模型运行高效,相比一般智能方法检测结果更为准确.
[Abstract]:In order to improve the intrusion detection rate of industrial control system, the principle of traditional industrial control intrusion detection technology is discussed, and a comparative study is carried out from the point of view of information theory. Through the modeling of the specificity of industrial control system and its attack techniques, the dynamic and static fingerprints of industrial control attack in protocol stack, statistical characteristics, communication behavior and so on are summarized, which is based on a new abstract method of heterogeneous information. An anomaly detection model of heuristic industrial control system based on combined neural network is proposed and implemented. The test results show that the detection model is efficient and more accurate than the general intelligent method.
【作者单位】：四川师范大学网络与通信技术研究所;
【基金】：四川省教育厅青年基金(15ZB0026)
【分类号】：TP183;TP393.08

【相似文献】