Research On White-list Self-learning Method Of Industrial Firewall With Improved PSO-SVM

In the environment of continuous integration of industrialization and informatization,industrial Internet,etc.,industrial control system is gradually applied to various fields of industrial networks,and their security issues have become the premise of social development and normal work of people.As the key equipment of industrial control system,how to improve the accuracy of self-learning of firewall rules has become a hot topic in current research.Firstly,the structure of the industrial control data acquisition and monitoring system(SCADA system)is analyzed,and its main layer and communication network are briefly introduced.The risk of the SCADA system,the measures taken against the risk and the safety system are analyzed in detail.Secondly,the Modbus TCP protocol in the special protocol of industrial control system is understood,and the main components of its communication structure and frame structure are analyzed.Compare the differences between the two important protocols,Modbus TCP and Modbus RTU.Describes how the Modbus TCP protocol is transmitted.The data in this paper is mainly combined into a sequence of function codes and register(coil)addresses in the collected Modbus TCP protocol,and analyzed.Thirdly,the system structure of the industrial firewall and the functions of each module are introduced.A brief description of the white-list rule self-learning method for industrial firewalls.The basic principle of support vector machine(SVM)classification algorithm is analyzed.The selection of penalty factor and kernel function is analyzed briefly.Aiming at the shortcomings of SVM algorithm,this paper proposes a self-learning method based on improved PSO-SVM rules.The flow chart of the algorithm is described and the simulation results are analyzed.Compared with the simulation results of the standard PSO-SVM algorithm,the accuracy of self-learning of industrial firewall rules is improved.Finally,simulate a small sewage treatment system to build a simple simulation experiment environment.Use Wire-shark to collect and captureindustrial control data,and analyze its characteristics to establish a white-list rule base.The particle swarm optimization algorithm,grid search method and improved particle swarm optimization algorithm are used to optimize the parameters in the SVM algorithm to obtain the accuracy of normal data and abnormal data.The experimental results show that the improved particle swarm optimization algorithm combined with SVM algorithm can improve the accuracy of normal data and abnormal data,and improve the accuracy of self-learning of industrial firewall whitelist rules.