Research On Intrusion Detection Method Based On Machine Learning For Industrial Internet

Recently,intrusion detection technology has aroused widespread attention from the whole industrialization and academia.In this research area,it has continually appeared many new related intrusion detection technologies,algorithm and IDS.According to the analysis from Industrial Internet Security Situation Report published by ICE-CERT(US)in 2016,there are more than 80 percent National Critical Infrastructures(NCI)which highly rely on Industrial Internet to realize the automation of production procedure.However,there are many problems in the present intrusion detection method for Industrial Internet,for ex ample,the real-time issue,the performance of detection and the redundancy issues in the experimental data set.Aiming at the above illustrated problems,the thesis mainly utilizes machine learning methods,for example,feature selection method,real-time dynamic response mechanism and image perceptual hash feature selection method to do the research works about pivotal technologies of intrusion detection for industrial Internet.The feature selection methods used in our research include decision-theoretic rough set feature selection method,information entropy feature selection method and mutual information feature selection method.The main research works are as follows.1.To keep the high detection performance with known and unknown intrusion behaviors and reduce the false alarm rate,an integrated artificial immune intrusion detection model based on decision-theoretic rough set was proposed.Firstly,by the approach of decision-theoretic rough set attributes reduction algorithm(DTRSA),attributes reduction was finished.And the rule set was obtained from the train data set which has the binary string form.Secondly,taking into consideration of the negative selection algorithm(NSA),the rule set included self-rule set and nonself rule set,produced the corresponding detectors set.Vaccine mechanism was added into the model.Finally,real time dendritic cell algorithm(rt DCA)analyzed the input information and antigen information.And the antigen matching threshold was obtained.Considering the intrusion behavior and antigen matching threshold,the dynamic increases of rule set was achieved.Experimental results show that,the proposed model obtained the lower false positive rate(FP)and the true positive rate(TP)reached to 95.5%.And both known and u nknown intrusion detections had the high performance.2.Aiming at the security issues on industrial Internet and the demerits of existing traffic modeling approaches in the field network,the traffic characteristic map-based intrusion detection model for industrial Internet was proposed.Firstly,by using of information entropy method,traffic characteristic vector can be obtained from the selected vital traffic characteristic attributes set.Secondly,the traffic characteristic vector can be transformed into triangle area mapping matrix via the multiple correlation analysis approach and traffic characteristic map can be established.Finally,with the using of image perceptual hash features extraction technique based on DCT and SVD,perceptual hash data of normal and abnormal traffic characteristic map can be produced.And,the corresponding rule set can be generated,which is essential for the modeling of network traffic periodic characteristics in industrial field network.As the experimental results show that the proposed approach has good performance of intrusion detection in the field network.Meanwhile,the proposed method has good robustness and discrimination.3.High dimension,redundancy attributes and high computing cost issues usually exist in the industrial Internet intrusion detection field.For the solving of these problems,the mutual information-based intrusion detection model for industrial Internet was proposed.Firstly,by using features selection method based on mutual information,the attributes set was reduced and the normal and abnormal traffic characteristics maps were established.Secondly,with the using of discrete cosine transform and nonnegative matrix factorization,we can produce normal and abnormal hash digest,which was used to produce intrusion detection rules.Finally,the similarity measurement is achieved via the normalization Hamming distance.And the experimental results show that,with the NSL-KDD experimental data,by using the features selection approach based on mutual information,the proposed model has good classification accuracy and gets good detection performance.