Application Of Anomaly Detection Algorithm Based On Support Vector Machine In ICS

With the emergence of industrial 4.0,industrial control system(ICS)has developed rapidly.The informationization of industrial control system simplifies the production process,improves the production efficiency,and increases the risk of being attacked.Unlike IT Internet,the design of industrial control system gives priority to functionality and practicability,lacks safety protection considerations,and increases complex safety protection measures affect industrial production efficiency.Therefore,the research on safety protection of industrial control system has become the focus of attention.Industrial control system safety protection measures still rely on industrial firewall and horizontal and vertical isolation of filtering control,lack of timely and effective detection methods.In order to improve the detection efficiency and accuracy of industrial control safety detection,anomaly detection method based on SVM is studied and applied to industrial control network security monitoring system.The main research work includes:(1)Introduced the research background of industrial control network security,elaborated the existing security problems,indicated the necessity and significance of industrial control system security protection.This paper summarizes the research status of industrial control network security at home and abroad.The difference between industrial control system and IT Internet security requirement is analyzed,and the security protection technology of industrial control system is studied.(2)Aiming at the problem that the detection efficiency of anomaly detection algorithm will be affected by large data sets,the data dimension reduction method is studied.Semi-supervised LDA method is used to reduce the dimension of data,standardize and quantify the data set,acquire the PSO optimization support vector machine parameter training anomaly detection model,carry out simulation experiments on the open industrial control data set,and analyze the experimental results.(3)Aiming at the problem of how to apply anomaly detection method to industrial control system,the structure and function module design of industrial control network security monitoring system are studied.The industrial control environment is simulated and built.The flow of industrial control data in the simulated experimental environment is captured and the system test is carried out.The innovations of this paper include:(1)An anomaly detection method based on semi-supervised LDA and PSO-SVM is proposed.The information content ratio is introduced to adjust the role of PCA in data dimension reduction method,and then the inertia weight is adjusted to improve the PSO parameters to optimize the support vector machine in order to improve the detection rate.The experimental results show that the improved anomaly detection method has faster convergence speed and higher detection rate than the single anomaly detection method using PCA or LDA for data dimension reduction.(2)The security monitoring system of industrial control network is designed and implemented,and the anomaly detection method is embedded in the anomaly detection module.The system test results show that the system runs normally and realizes the real-time alarm function for abnormal traffic in the simulated environment.