Research On Industrial Network Anomaly Detection Algorithm Based On FCM-SVM

The traditional industrial control system is usually based on factory areas,which is independent of each other and has no physical connection with the outside world.With the rapid development of industrial information and network technology,however,more and more industrial control systems adopt common hardware and common software.The openness of industrial control systems is being increased in day by day.System vulnerabilities and defects are easily exploited by viruses.However,the industrial control system is applied to various large-scale manufacturing industries in the country such as electricity,transportation,petroleum,heating and pharmaceuticals.In the event of a massive loss of attack,effective methods are needed to ensure the network security of the industrial control system.This paper focuses on the application of Modbus / TCP communication protocol in industrial control system,and proposes an industrial network anomaly detection algorithm based on fuzzy C-means clustering and support vector machines.In order to solve the problem of viruses and Trojans attacking the application layer network protocol of industrial control system,this dissertation takes Modbus communication protocol as the research object,mainly analyzes the rules of Modbus /TCP communication protocol,and introduces the abnormal behavior of Modbus and analyzes the security.According to the characteristics and periodicity of the communication behavior of industrial control system,the traffic flow data of Modbus/TCP protocol in industrial control system are extracted.Finally,the extracted and constructed communication data are preprocessed,the fuzzy C-means is used to get the clustering center,the distance between the communication data and the clustering center is calculated,and part of the data satisfying the threshold condition is further classified by the support vector machine.The model combines unsupervised fuzzy C-means clustering and supervised SVM to realize machine learning of industrial network anomaly detection.Compared with the traditional anomaly detection method,this method combines unsupervised learning and supervised learning perfectly,can effectively reduce the training time and can improve the classification accuracy without knowing the category tags in advance.In the industrial network abnormality detection model based on fuzzy C-means clustering and support vector machine,the selection of support vector machine parameters has a great influence on the accuracy of the model.In order to improve the application ability of the algorithm in practical problems,the parameter optimization methods of grid search algorithm,genetic algorithm and particle swarm optimization are studied.The penalty factors and kernel function parameters of SVM are optimized and the advantages and disadvantages of each parameter optimization algorithm to the anomaly detection model are summarized.The results show that the classification accuracy obtained by using the intelligent algorithm to optimize the SVM parameters is greatly improved than the traditional classification accuracy based on the empirical choice parameters.After the parameter optimization of industrial network anomaly detection model,making the algorithm detection accuracy and practicality have been greatly improved.The model does not need to be changed and can be well applied in the actual system to meet the requirements of high efficiency of industrial control system anomaly detection.