Design And Implementation Of Spark-Based Industrial Control Network Security Early Warning Platform

In the wake of steadily ceaselessly development of Internet plus,informationization and industrialization,industrial control networks have been widely used in national infrastructure.However,in the context of this environment,industrial control systems mostly use Ethernet because there is no special physical isolation.With the opening of the network environment and the industrial control network constantly being attacked by security,the industrial control network faces enormous challenges.The intelligent development of industrial control systems,along with the data in the industrial control network,is characterized by sea quantification,high dimensionality,and complexity.At present,most of the industrial security control systems established by the industrial control network are based on Hadoop as the carrier.Analysis,identified by modeling of related machine learning algorithms,but does not take into account the real-time,efficiency and scalability of security warnings.This paper establishes a fast,efficient,accurate and scalable security early warning platform based on Spark computing framework.It can get real-time calculation and analysis in the face of large-scale complex data.According to the characteristics of industrial control network,combined with the requirements of full early warning of industrial control network,this paper studies the key technologies of current mainstream big data computing system,distributed publishing and subscription message system and deep learning training framework.After that,in accordance with the design requirement analusis of the platform,an industrial control network security early warning platform with Spark computing engine as the core is constructed.At first,the overall architecture schematic diagram of the platform is designed,which is divided into four function modules: data collection and network traffic deep packet inspection protocol analysis module,real-time data analysis and processing module,security early warning prediction module and data storage module.Firstly,the data source is automatically collected by using the network traffic sensor,and the deep packet inspection technology is used to analyze and summarize the content of the application layer.Then,the distributed publishing and subscription message system is used as a bridge to establish a channel for real-time analysis and calculation with Spark,and the feature is performed.Pre-processing realizes real-time analysis and statistics of complex massive data in industrial control network,then establishes Spark distributed convolutional neural network traffic anomaly detection model through DeepLearning 4J,and finally stores persistently stored data,using Redis pair The distributed storage and presentation of real-time data,and the storage of predicted result data,facilitate the incremental update of the model,use the model to predict the real-time data and present the real-time results to achieve the purpose of security early warning,which is conducive to the work of the staff.Through the deployment and implementation of the platform,the data analysis and the test platform's applicability,throughput performance,model training and recognition performance performance overhead are analyzed for the case of power control network,and finally compared with other algorithms.,verify the recognition rate and accuracy of the platform.This proves that the platform has the advantages of high feasibility,high throughput,high real-time efficiency,high recognition accuracy and strong scalability.It can analyze the complex high-dimensional data of industrial control network in real time and achieve safety warning.The purpose is to provide convenience for the staff,save costs and improve efficiency.