Research On Intrusion Detection Algorithms For Industrial Control Systems Based On Online Machine Learning

The industrial control system is the key to realize smart grid,intelligent manufacturing and so on.Openness,intellectualization,networking and real-time lead to severe information security challenges for industrial control systems.The intrusion of industrial control system has the characteristics of long time span and less prior knowledge.As a result,the intrusion detection algorithm based on rules and batch learning can not meet the needs of industrial control system in terms of real-time and efficiency.The key of intrusion detection algorithm for industrial control systems is that the information of trans-temporal sensors and controllers can be classified quickly,real-time and accurately when the data distribution is unbalanced.Aiming at the real-time requirement of industrial control intrusion detection system,this thesis uses online learning mode to study the intrusion detection algorithm of industrial control system,so as to realize identification of intrusion behavior quickly and accurately.Aiming at the problem of high cost of data labeling caused by large amount of real-time data generated by industrial control system and unbalanced distribution of data classes with relatively small proportion of abnormal behavior data,a cost-sensitive online gradient descent algorithm CSOGD is improved,and a cost-sensitive active machine learning algorithm based on online learning is proposed.By increasing the cost of misclassification of minority classes in binary classification,the classification model can give the classification prediction results with higher confidence,and improve the recognition rate of minority classes.By choosing the data samples with the largest amount of information to mark,and only utilizing marked samples to update the classification model,the classification accuracy of intrusion detection model are improved and the workload of data annotation are reduced at the same time.The results show that on the data set of industrial control system provided by Mississippi State University,the cost-sensitive active learning algorithm proposed in this thesis improves the recognition accuracy of abnormal behavior by 11.08% compared with CSOGD algorithm.To meet the needs of Real-time Anomaly Detection and anomaly behavior recognition in industrial control systems,a cost-sensitive multi-classification algorithm based on online learning is proposed.The algorithm receives the data generated by the system in real time,and designs the cost matrix according to the number of samples in the data sample set by the idea of cost-sensitive.The algorithm utilizes the loss function of error classification based on the cost matrix to calculate the model loss caused by different error classification,updates the model and gives the prediction results of real-time data with high confidence,in order to improve the ability to identify different types of abnormal behavior.The results show that on the industrial control system data set provided by Mississippi State University,the detection accuracy of the anomalous behavior with the least data concentration reaches 89.40%,which is 55% higher than that of ROMMA.The algorithm proposed in this thesis realizes real-time intrusion detection,abnormal behavior classification and real-time updating of detection model in industrial control system under online environment.It is suitable for intrusion detection classification tasks with unbalanced data classes in industrial control system.