Research On Intrusion Detection Method Of Industrial Control Network Based On Machine Learning

As the core component of the industrial control system,the security of industrial control network becomes the focus of people's attention with the continuous increase of network attacks.As an active security defense measure,intrusion detection can effectively detect the intrusion before the attack,and realize the real-time monitoring of industrial control network security.Based on the background of industrial control network intrusion detection,supported by industrial control system network data,combined with the requirements of industrial control network intrusion detection and machine learning technology,in order to solve the existing problems of industrial control network intrusion detection technology,this paper studies the intrusion detection methods applicable to industrial control network.First of all,the structure of industrial control network is analyzed,and the communication characteristics of industrial control network are clarified;the vulnerability and security threats of industrial control network are analyzed,and the differences between industrial control network and traditional IT network are compared;the key points of intrusion detection technology based on machine learning are analyzed,and the evaluation criteria of intrusion detection method are defined,and the data used in this paper is analyzed.Secondly,according to the requirements of industrial control network intrusion detection for high accuracy and real-time,combined with the characteristics of high accuracy of supervised learning algorithm under label data set,an intrusion detection method based on LightGBM is proposed.Based on Python modeling and simulation,compared with other machine learning models under the selected indexes of accuracy and accuracy,the superiority of the model is verified.In order to solve the problem of data imbalance and parameter adjustment in LightGBM modeling,nearmiss is used to undersampling most classes,and Bayesian algorithm is used to optimize the parameters.In python environment,modeling and simulation are carried out,and the effect of the optimized method is evaluated.Then,LightGBM can not effectively detect unknown attacks,and the lack of label data in the real environment,the high cost of manual labeling and other issues.Based on unsupervised learning,this paper proposes an intrusion detection method based on AE-1SVM.This method uses the normal state data of the network to build the anomaly detection model.By combining the deep learning with the traditional machine learning algorithm,it extracts the features in the deep level,classifies them with OCSVM,approximates the kernel function with random Fourier features,and optimizes the endto-end training with Adam to realize the accurate recognition of the intrusion behavior,especially the unknown intrusion behavior.Based on Python modeling and simulation,the effectiveness of the proposed method is evaluated.Finally,considered that the first mock exam's ability to detect various attacks,and combining the advantages of LightGBM in known attack recognition and AE-1SVM in unknown attack recognition,a hybrid intrusion detection scheme is proposed.LightGBM is used to identify the first stage attack,AE-1SVM performs second stage unknown attack recognition,and the scheme is implemented based on Stacking framework.The simulation is carried out in python environment,and the detection effect is evaluated.