Research On Anomaly Detection And Attack Classification In Industrial Control System Based On Deep Learning Method

The Industrial Control System(ICS)is the lifeline of countries.The extensive use of information technology has increased the production efficiency,but it also brings certain security risks to the industrial production process.In recent years,there have been more and more network physical attacks against industrial control systems.Anomaly detection of industrial control systems is a greatly effective safety protection technology and has been extensively studied worldwide.The current research focus is on how to improve the performance of industrial anomaly detection methods.At the same time,it is not enough to treat abnormal behavior detection as a binary classification problem.To quickly locate the source when the network attack occurs,and to achieve the mitigation and recovery of the control system state,it is necessary to divide the ICS abnormal patterns in more detail.Therefore,convolutional neural network,one of the deep learning methods,is used in this paper as a method for industrial control anomaly detection and attack classification.The main research work is as follows:Firstly,considering the strong correlation between industrial traffic characteristics,a feature mapping method based on Mahalanobis Distance is proposed,and the original industrial data stream is processed by using the feature mapping method.One-dimensional data is mapped into a two-dimensional feature matrix suitable for convolutional neural network model processing.Secondly,this paper proposes a visualization method of feature matrix.Each two-dimensional feature matrix after feature mapping is visualized and the visualization result is displayed.The visualization results are analyzed to provide theoretical support for the anomaly detection and attack classification based on deep learning method.Finally,an industrial anomaly detection and attack classification model based on convolutional neural network is proposed.According to the characteristics of the grayscale map generated by the traffic data,the convolutional neural network model is designed and constructed.After the construction completed,the model is trained and tested.A supervised learning algorithm is used to determine the weighting coefficients of each layer in the neural network model.The data used for model performance evaluation in this paper is real cyber-physical attack traffic collect from Supervisory Control And Data Acquisition(SCADA)system.Experimental results show that the proposed method of industrial control anomaly detection and attack classification based on convolutional neural network performs well in both binary and multi-classification scenarios.It is shown that this method can meet the safety requirements of industrial control system and provide safety assistance for industrial control system.