
The Research On Industrial Abnormal Traffic Detection Technique Based On Machine Learning Methods

Posted on: 2021-02-14
Degree: Master
Type: Thesis
Country: China
Candidate: B J Song
GTID: 2428330611966935
Subject: Computer Science and Technology
Abstract/Summary:
As basic national systems, Industrial Control Systems (ICS) have attracted great attention from both academia and industry. However, the security issues embedded in ICS have also restricted the overall deployment of these systems. Before the widespread adoption of the Internet, ICS relied on "air gaps" as a safeguard. Today, in the face of increasingly complex network environments and intrusions by attackers, security precautions based on "air gaps" have shown obvious limitations, and the security of ICS is facing huge challenges. First, industrial traffic is characterized by personalization, high redundancy, and heavy noise. How to effectively extract industrial features and provide reliable training data for anomaly detection classifiers is one of the challenges. Secondly, the imbalance of industrial abnormal traffic leads to insufficient training of the classifier. How to effectively sample and enhance the data to make the training data distribution more complete is one of the challenges. Third, the accuracy and false alarm rate of industrial anomaly detection methods can still be improved. How to improve the detection algorithm and build a high-precision method for detecting abnormal traffic is also a challenge.

In view of the above problems, this paper mainly studies three stages of anomaly detection, namely feature engineering, data enhancement and anomaly detection algorithms, and proposes a solution for each. First, this paper proposes an industrial traffic feature reconstruction algorithm, Regression Trees based Parallel Stacking (RTPS). This algorithm addresses the difficulty of designing industrial traffic features, which is caused by personalization, high redundancy, and high noise. Secondly, this paper proposes a self-learning algorithm for the spatial distribution of traffic, Euclidean distance based Between-Class learning (EBC learning). This algorithm addresses the problem of incorrect boundary distribution estimation caused by limited training traffic. Thirdly, based on EBC learning, a novel detection method is proposed, Border-line SMOTE and EBC learning based RF (BSEBC-RF). This method shows certain advantages in detection accuracy, false alarm rate and efficiency. Fourthly, this paper proposes an industrial traffic anomaly detection algorithm, Elitist selection strategy and Non-dominated sort based Evolutionary Neural Networks (ENENN). This algorithm addresses the problem of deep learning falling into a local optimum during the training phase of anomaly detection, which leads to low detection accuracy.

The above three algorithms are tested on five industrial traffic datasets and compared with other solutions. The experimental results show that both the feature reconstruction algorithm based on RTPS and the self-learning traffic spatial distribution algorithm based on EBC learning can effectively assist industrial anomaly detection. The industrial detection algorithm based on ENENN can achieve high-precision detection of industrial abnormal traffic, providing a reliable guarantee for the safety of ICS.
Keywords/Search Tags: industrial control systems, intrusion detection, machine learning, evolutionary computation