Research On Whitelist Self-learning Of Industrial Firewall Based On SVM Optimized By PSO-GA

With the deep integration of informatization and industrialization,the relationship between management network and industrial control network of modern industrial control system is increasingly close,the security problems encountered in the information technology network gradually spread to the industrial control system.In recent years,attacks on industrial control systems in various countries have occurred frequently,and the problem of industrial control network security needs to be solved urgently.The commonly used equipment in industrial network security protection is the industrial firewall,the core of which is to use the whitelist strategy to conduct in-depth analysis of data packets and effectively intercept attacks.This paper first introduces the current situation of the industrial control network security,distinguishes the management network and the production network in the industrial control system,and explains the location and role of the industrial firewall in the industrial control system.This paper introduces the SCADA system in the industrial control network,introduces the most widely used industrial control protocol Modbus TCP in detail,analyzes the causes of their vulnerability,introduces the white list self-learning method in the industrial firewall,and designs an anomaly detection model based on SVM algorithm in the white list self-learning method.Secondly,in view of the SVM classification accuracy is mainly affected by the penalty factor and kernel function selection problem,this article introduce intelligent algorithm to find out the optimal parameters,and the weight coefficient of particle swarm optimization algorithm and learning factor respectively using linear and nonlinear adjustment strategy to improve,in order to avoid the algorithm falling into the local extreme value,the genetic algorithm is combined to form a composite algorithm.Then a SVM whitelist self-learning method based on particle swarm optimization is proposed.Simulation results show that compared with the standard particle swarm optimization algorithm,the proposed algorithm can improve thedetection accuracy of industrial control data.Finally,an industrial control platform was built to simulate a simple automatic handing manipulator control system,and the software wireshark was used to grab Modbus TCP packets,and the function code and register starting address of Modbus TCP were taken as features to establish a white list rule library.In MATLAB software,particle swarm optimization,standard particle swarm optimization and the particle swarm genetic hybrid algorithm optimization were used to train the data to obtain the optimal parameters of C and g of SVM,and the trained SVM model was used to test the normal data and abnormal data.The the particle swarm genetic hybrid algorithm optimization designed in this paper has significant improvement in the five indexes of testing accuracy,false alarm rate,missing alarm rate and G-Mean for normal and abnormal data,which verifies the effectiveness of the algorithm designed in this paper.