Research On Intrusion Detection Method Of Industrial Control System

Industrial control systems(ICSs)are widely used in electric power,water conservancy,metallurgy,petroleum and other industries.They are composed of various automation control equipment components and network systems for real-time data acquisition and monitoring.They are the core of the country's critical infrastructure.Once attacked,it is easy to cause national economic losses and even threaten the safety of people's lives and property.As industrial control systems gradually use more open and generalized protocols,the network security threats and risks of ICSs are also increasing.Therefore,it is urgent to study industrial security technology to ensure the safe operation of ICSs.Intrusion detection technology is one of the most important security precautions in industrial control systems.It can effectively detect known and unknown attacks and improve the ability of industrial control systems to identify attack threats and early warnings.However,due to the high real-time performance of industrial control systems and limited equipment resources,the existing intrusion detection for industrial control systems still has shortcomings such as low detection efficiency and inability to effectively identify unknown attacks.Therefore,it is necessary to design a reasonable intrusion detection method and framework to improve the intrusion detection rate of industrial control systems,reduce false negative rate and false positive rate.Based on the existing research results,we analyzes the characteristics of ICSs network security,and conducts research on intrusion detection based on network traffic.The following works are the main research contents:(1)A feature selection method based on improved ABC is proposed,which can realize data dimension reduction of ICSs network.According to the characteristics of multi-source,complexity and high-dimensionality of industrial control data,a feature selection method suitable for data dimensionality reduction of information management system of ICSs is proposed.According to the new method,tabu search algorithm is introduced to the neighborhood search strategy of ABC,which can improves the local and global optimization ability of ABC.A new roulette selection probability formula is designed for the observation bee of ABC.In the last phase of iteration,the global optimal value is highlighted in the group value,and the optimal feature subset of the industrial control data is quickly found.(2)After feature selection of ICSs network data,a new data set is extracted according to the optimal feature subset,and the SVM intrusion detection model is trained based onthe new data set.Firstly,a new data set is extracted according to the optimal feature subset for training of SVM intrusion detection model.Then,the KDD Cup 99 data set covering the intrusion detection characteristics of the industrial management system information management layer is adopted to verify the validity of the designed SVM intrusion detection model.the experimental results show that after the feature selection,a new data set is extracted for SVM training,and the detection rate of intrusion detection is significantly improved.(3)Considering the interdependence between feature selection and SVM model parameter optimization,the scheme of feature selection and model parameter synchronization optimization is proposed.At first,two different selection probability formulas are designed and applied to the ABC algorithm for different iterative evolution periods.The advantages of doing so is to keep balance between the highest detection rate and the optimal feature subsets which have the fewest number of features.Then,based on the optimized feature subsets and model parameters,the SVM industrial control intrusion detection model is constructed.In addition to the KDD Cup 99 data set,the simulation experiment also used the natural gas pipeline intrusion detection standard data set developed by Mississippi State University to verify the effectiveness of the above method.The experimental results show that the new method outperforms other traditional methods in modeling time and detection time,especially in detection rate with 97.6% on top.