Research On Flow Anomaly Detection Technology Of Industrial Control System Based On OCSVM-KM

With the continuous integration of industrialization and informatization,the importance of industrial control system as the link of the integration of industrialization and informatization is constantly improving,but its security is also constantly challenged.More and more malicious attackers attack industrial control system by finding the vulnerability of industrial control system.How to maintain the security of industrial control system has become an urgent problem.Traffic anomaly detection technology is one of the main methods of industrial control system security defense.The technology finds attack events by judging the type of traffic data,and makes corresponding defense strategies to achieve the purpose of industrial control system in a security environment.However,as the dimension of traffic data increases,the accuracy of traffic anomaly detection will decrease.OCSVM algorithm only needs the normal flow data to establish the detection model,which is very suitable for the real industrial control system environment.OCSVM algorithm applied in industrial control system can play a certain role of detection and defense.However,its application in industrial control flow anomaly detection technology not only has the problem of accuracy,but also has the problem of single classification,which leads to the specific types of abnormal data can not be further judged.Therefore,this paper proposes a dimension reduction method to solve the above problems.Based on the dimension reduction method,this paper proposes OCSVM algorithm model optimization method and OCSVM-KM method to improve the accuracy of anomaly detection.The main contents and innovations of this paper are as follows:Firstly,in order to reduce the flow data dimension of industrial control system and improve the detection effect,this paper proposes a HF feature selection algorithm.The algorithm removes redundant features based on the relationship between features and features,and does not change the meaning of features.It can reduce the dimension of unlabeled industrial control system flow data.The experimental results show that HF algorithm has good dimensionality reduction effect on industrial flow data.Secondly,aiming at the problem that the detection effect of OCSVM algorithm model is greatly affected by the parameters,this paper proposes an optimization algorithm of OCSVM based on HIPA.HIPA algorithm is a hybrid swarm intelligence optimization algorithm based on Improved PSO and ABC algorithm.The experimental results show that HIPA algorithm has a good optimization effect on OCSVM algorithm,and the detection effect of OCSVM detection model can be improved by HIPA algorithm optimization.Finally,aiming at the problem that the OCSVM algorithm prediction accuracy is not high enough,the false positive rate is not low enough,and cannot analyze the type of abnormal data,this paper proposes an OCSVM-KM algorithm.The algorithm reprocesses the detection results of OCSVM model with K-Means algorithm.Through the experimental verification,OCSVM-KM algorithm can improve the prediction accuracy,reduce the false positive rate,and has a certain reference significance for the multi-classification results of abnormal data.