
Research On Intrusion Detection Algorithm Of Industrial Control Systems Based On OCSVM

Posted on: 2017-01-26
Degree: Master
Type: Thesis
Country: China
Candidate: L Li
GTID: 2348330485997293
Subject: Control theory and control engineering

Abstract/Summary:
When industrial control systems (ICS) were first designed, the most important considerations were reliability and stability, not information security. However, the deep integration of informatization and industrialization, and the application of Ethernet technology in ICS, have expanded the development space while also bringing information security issues to ICS. One of the important reasons for the information security vulnerability of ICS is the vulnerability of industrial communication protocols, which communicate without any security mechanism or authentication. However, existing information security technology cannot be applied directly to ICS; security technology suitable for ICS must be developed according to the characteristics of ICS.

An intrusion detection algorithm for ICS based on the one-class support vector machine (OCSVM) is designed in this paper to ensure Modbus communication security. The paper introduces the design flaws and security issues of the Modbus TCP protocol. The data packet structure of Modbus TCP is analyzed and industrial data are selected. The features of the industrial data are extracted by a feature extraction method combined with principal component analysis, which reduces the complexity of the data. A characteristic of industrial data is that normal samples outnumber abnormal ones, because ICS usually operate under normal conditions. This imbalance between the two classes of samples makes it difficult to establish an intrusion detection model. OCSVM, which is derived from the support vector machine algorithm, can be trained on a single class of samples and is robust to noisy data. The normal industrial data are used to train the OCSVM to obtain the intrusion detection model of the ICS. This model has good generalization ability and can identify unknown attacks effectively.

The parameters of the intrusion detection model are optimized by the particle swarm optimization (PSO) algorithm in order to address intrusion detection problems such as low accuracy, long training time, a high false positive rate and a high false negative rate. Because PSO converges quickly, the optimization time is greatly reduced, as is the training time of the OCSVM. The model is also optimized and its complexity is reduced at the same time. The detection accuracy of the intrusion detection model is improved effectively, and the false positive and false negative rates are reduced. This detection model can meet the requirements of accuracy, reliability and efficiency in ICS.

The intrusion detection model should be updated constantly, since industrial data continue to accumulate. A simple detection model based on OCSVM incremental learning is designed to improve on current intrusion detection systems based on historical learning. The detection model should be adjusted at minimum cost according to the changes caused by new samples. A detection model based on double OCSVM is designed to address the false negative rate in ICS. This model is built by training detection models on normal data and abnormal data respectively, and it judges abnormal data through a joint identification mechanism. This model offers an idea for addressing the false negative rate of OCSVM in the future.
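
An added illustration (not code from the thesis) of the first stage the abstract describes: turning Modbus TCP request frames into numeric feature vectors that a one-class model could then be trained on. The feature set, function names and sample frames are assumptions constructed here; the thesis's own feature selection is not given on this page.

```python
import struct

# Public Modbus function codes that write to a device.
WRITE_CODES = {5, 6, 15, 16}

def parse_modbus_tcp(frame: bytes) -> dict:
    """Parse one Modbus TCP ADU: 7-byte MBAP header followed by the PDU."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    # MBAP carries only these four fields; none of them authenticates the sender.
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError("protocol identifier must be 0 for Modbus")
    # The length field counts the unit id plus the PDU bytes that follow it.
    if length != len(frame) - 6:
        raise ValueError("MBAP length field does not match frame size")
    pdu = frame[7:]
    return {"tid": tid, "unit": unit, "func": pdu[0] & 0x7F,
            "exception": bool(pdu[0] & 0x80), "data": pdu[1:]}

def features(frame: bytes) -> list:
    """Assumed vector: [func, is_write, is_exception, address, count_or_value, pdu_len]."""
    m = parse_modbus_tcp(frame)
    addr = qty = 0
    # Requests for codes 1-6, 15 and 16 begin with a 2-byte address and a 2-byte count/value.
    addressed = 1 <= m["func"] <= 6 or m["func"] in (15, 16)
    if addressed and not m["exception"] and len(m["data"]) >= 4:
        addr, qty = struct.unpack(">HH", m["data"][:4])
    return [m["func"], int(m["func"] in WRITE_CODES), int(m["exception"]),
            addr, qty, 1 + len(m["data"])]

def build_dataset(frames):
    """Return (feature vectors, indexes of frames the parser rejected)."""
    vectors, rejected = [], []
    for i, frame in enumerate(frames):
        try:
            vectors.append(features(frame))
        except ValueError:
            rejected.append(i)  # malformed frames are worth flagging on their own
    return vectors, rejected

# Constructed sample frames (not captured traffic).
SAMPLE_FRAMES = [
    bytes.fromhex("00010000000601030000000a"),  # read 10 holding registers at 0
    bytes.fromhex("000200000006010600100" "0ff"),  # write 255 to register 16
    bytes.fromhex("000300000003018302"),        # exception response to code 3
    bytes.fromhex("00040000000901030000000a"),  # length field disagrees with size
]
```

Vectors from traffic known to be normal would form the single training class; frames rejected by the parser can be reported without consulting the model.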
Keywords/Search Tags: Industrial control system, Intrusion detection, Modbus TCP, OCSVM, Feature extraction