###
工程科学与技术:2022,54(6):238-247
←前一篇   |   后一篇→
本文二维码信息
码上扫一扫!
基于特征选择和时间卷积网络的工业控制系统入侵检测
(1.中国石油大学(华东) 计算机科学与技术学院,山东 青岛 266580;2.中国石油大学(华东) 海洋与空间信息学院,山东 青岛 266580;3.中国石油大学(华东) 控制科学与工程学院,山东 青岛 266580))
Industrial Control System Intrusion Detection Based on Feature Selection and Temporal Convolutional Network
(1.School of Computer Sci. and Technol., China Univ. of Petroleum (East China), Qingdao 266580, China;2.School of Oceanography and Space Info., China Univ. of Petroleum (East China), Qingdao 266580, China;3.School of Control Sci. and Eng., China Univ. of Petroleum (East China), Qingdao 266580, China)
摘要
图/表
参考文献
相似文献
本文已被:浏览 71次   下载 22
投稿时间:2021-09-28    修订日期:2022-11-03
中文摘要: 针对工业控制系统流量数据存在特征冗余及深度学习模型对较小规模数据集检测能力较差的问题,提出了一种基于特征选择和时间卷积网络的工业控制系统入侵检测模型。首先,对源域数据集的异常特征和样本不平衡数据进行处理,提高源域数据集质量。其次,针对流量数据的特征冗余,利用信息增益率和主成分分析法构建IGR–PCA特征选择算法,筛选出最优特征子集实现数据降维。然后,根据工业控制系统流量数据的时间序列特性,在较大规模的源域数据集上,利用时间卷积网络(temporal convolution network,TCN)对时间序列数据优异的处理能力,构建源域时间卷积网络预训练模型。最后,在较小规模的目标域数据集上,结合迁移学习(transfer learning,TL)微调策略,获取源域样本数据的流量特征,构建目标域TCN–TL模型。利用公开的工业控制系统数据集进行实验测试,实验结果表明:流量数据经本文特征算法处理后,相较于其他方法,在降低数据维度减少计算量的同时仍具有良好的检测效果;在较大规模的源域数据集和较小规模的目标域数据集上,本文模型均取得了良好的检测效果;在目标域中利用迁移学习微调策略能够学习到源域中的知识,模型检测准确率为99.06%;在训练时间对比中,本文模型训练时间消耗更少,具有更好的泛化能力,能够更好地保护工业控制系统安全。
Abstract:Aiming at the problem of feature redundancy in industrial control system traffic data and the poor detection ability of deep learning models for small-scale data sets, an industrial control system intrusion detection model based on feature selection and temporal convolutional networks was proposed. First, the abnormal features and sample imbalance data of the source domain dataset were processed to improve the quality of the source domain dataset. Secondly, in view of the feature redundancy of traffic data, a IGR–PCA feature selection algorithm was constructed by using the information gain rate and principal component analysis method, and the optimal feature subset was selected to achieve data dimensionality reduction. Then, according to the time series characteristics of industrial control system traffic data, the excellent processing ability of temporal convolution network (TCN) for time series data was used to construct a source domain temporal convolution network pretrained model on a large-scale source domain data set. Finally, combined with the transfer learning (TL) fine-tuning strategy, the traffic characteristics of the source domain sample data were obtained on a small-scale target domain dataset, and the target domain TCN–TL model was constructed. The experimental test was carried out using the public industrial control system data set. The experimental results showed that compared with other methods, the proposed method can reduce the data dimension and reduce the calculation amount while still having a superior detection effect. The model proposed in this paper has achieved good detection results on both large-scale source domain data sets and small-scale target domain data sets. In the target domain, the transfer learning fine-tuning strategy can be used to learn the knowledge in the source domain, and the detection accuracy rate is 99.06%. In the training time comparison, the proposed model consumes less training time. Meanwhile, it also has better generalization ability and can better protect the security of industrial control systems.
文章编号:202100984     中图分类号:TP391    文献标志码:
基金项目:国家自然科学基金项目(61772551);山东省自然科学基金项目(ZR2019MF034)
作者简介:第一作者:石乐义(1975-),男,教授,博士,博士生导师.研究方向:网络安全;博弈论和移动计算.E-mail:shileyi@upc.edu.cn
引用文本:
石乐义,侯会文,徐兴华,许翰林,陈鸿龙.基于特征选择和时间卷积网络的工业控制系统入侵检测[J].工程科学与技术,2022,54(6):238-247.
SHI Leyi,HOU Huiwen,XU Xinghua,XU Hanlin,CHEN Honglong.Industrial Control System Intrusion Detection Based on Feature Selection and Temporal Convolutional Network[J].Advanced Engineering Sciences,2022,54(6):238-247.