Optimization and Implementation of IDS Algorithm for ICS by Telemetry

Posted on: 2019-02-02
Degree: Master
Type: Thesis
Country: China
Candidate: H B Li
GTID: 2348330545955584
Subject: Cryptography
Abstract/Summary:
Industrial control systems (ICSs) are related to all aspects of human life and have become the target of many cyber-attackers. Protocols used by ICSs contain little to no security features and are vulnerable to various attacks. In addition, attacks on ICSs may not only cause monetary loss, but also damage equipment and the environment and hurt staff; examples include Stuxnet and the cyber attack on the Ukrainian power grid. Intrusion detection for ICSs is therefore of great significance and has become a world-wide hot topic. This thesis studied intrusion detection for industrial control systems by telemetry analysis. Telemetry here means achieving intrusion detection by other means than entering the ICS network. This thesis improved the approach to detecting intrusions into an industrial control system network with machine learning algorithms such as the support vector machine algorithm and the decision tree algorithm. Malicious traffic detection and attack type recognition were achieved by extracting features such as client response time, server response time, client-side packet size and server-side packet size. The developed IDS was able to achieve 99.05 percent accuracy when detecting malicious traffic, and 96.33 percent accuracy when recognizing attack types. Based on this, we designed a fusion decision module to further reduce the false positive rate. Through contrast experiments, we proved that this module can improve the recognition rate of malicious traffic in different machine learning algorithms. Finally, we implemented the whole system with the Django framework. The experimental results showed that the improved model has good performance in both malicious traffic detection and attack type identification.
Keywords/Search Tags: Industrial control systems, Intrusion detection, Machine learning, Telemetry