Research On Intrusion Detection Technology Of Industrial Control Systems Based On Machine Learning

With the deep integration of industrialization and informatization,safety incidents of industrial control systems often occur in recent years.The vulnerability of industrial communication protocol is one of the important reasons for the occurrence of industrial control system security incidents.Intrusion detection is one of the common information security technologies,but the intrusion detection technology in traditional information technology can't be directly applied to industrial control system.Therefore,according to the characteristics of industrial control system,intrusion detection technology for industrial control system is studied in this paper.Firstly,the Modbus/TCP protocol is studied,and the security problems of the protocol are analyzed.Then the intrusion detection data set of industrial control system is described,and the data set is preprocessed,including sample label numeralization,normalization and attribute reduction.Secondly,five kinds of machine learning algorithms are analyzed and compared in this paper.Two kinds of algorithms,extreme learning machine(ELM)and support vector machine(SVM),which have strong generalization ability,are selected to construct intrusion detection model.The simulation experiments are carried out with the intrusion detection data set of industrial control system.The experimental results show that the two algorithms have high accuracy,but each has its own advantages and disadvantages.The ELM model is better than support vector in training time.The SVM model is higher than the ELM model in accuracy.In order to improve the accuracy of the ELM model and reduce the training time of the SVM model,a hybrid adaptive quantum particle swarm optimization algorithm is proposed to optimize the two models.Firstly,differential strategy is added to the algorithm to improve the random position updating of particles.Then the method of parameter adaptation is used to control the parameters.Finally Levy flight strategy is added to the particle position updating.The new algorithm solves the problem that the original algorithm falls into local optimum easily.The test results of typical functions show that the improvement is effective.After optimization,the accuracy of the ELM model has been improved,and the training time of the SVM model has been reduced.The accuracy of combined classifiers is usually higher than that of single classifiers in machine learning.Stacking is one of the combined classifier methods.In order to improve the performance of intrusion detection model of industrial control system,in this paper,optimized ELM,optimized SVM and Extreme Gradient Boosting are taken as basic learning algorithm.Linear regression algorithm is taken as meta-learning algorithm.They are used to construct intrusion detection model based on Staking combined classifier.The experimental results show that the accuracy of the model is improved comparing with the single classifier model.The false positive rate and the false negative rate are reduced.