
Research On Intrusion Detection Of Industrial Control Network Based On Modbus TCP

Posted on: 2021-02-14
Degree: Master
Type: Thesis
Country: China
Candidate: J D Tao
Full Text: PDF
GTID: 2428330629987250
Subject: Computer technology
Abstract/Summary:
With the rapid modernization of industrial control, traditional manufacturing and the Internet have become closely integrated, yielding more intelligent industrial control systems. This intelligence improves the manufacturing capability of enterprises and facilitates the control and management of remote production sites, but it also brings a series of network security problems: external attackers can more easily damage an industrial control system through the network. The purpose of this paper is to address this problem and improve the safety of industrial control systems. Based on an analysis of existing intrusion detection technology, a hybrid intrusion detection method for industrial control networks is proposed. In addition, because the mass of alarm logs hinders operators from handling alarm information correctly and in time, a solution based on alarm log deduplication and priority grouping is also proposed. The specific research contents of this paper include:

(1) To address imbalanced data samples and unknown attack types, a detection method combining multiple algorithms is proposed. KPCA and SMOTE are used to reduce and balance the unbalanced data, and the attack types are then classified with the random forest algorithm. On this basis, the remaining data of unknown type is further classified by the KNN algorithm in order to detect abnormal data. The experimental results show that the hybrid multi-class detection method performs well on unbalanced sample data and unknown attack types, and also significantly reduces the training time required.

(2) For redundant and disordered abnormal alarm logs, a method of deduplication and priority grouping of alarm logs is proposed. Relations among multiple alarm logs are established by introducing the PN diagram, and a deduplication rule base is built to remove duplicates. Then, to further enhance the security of the industrial control environment, the remaining Modbus TCP alarm logs are grouped by priority so that the administrator can quickly find and resolve abnormal intrusion behavior. The experimental results show that this method can improve the response capability of the Modbus TCP system.

(3) An intrusion detection system based on Modbus TCP is designed and implemented. The system is mainly composed of five different modules, through which the data is displayed graphically so that the administrator can better monitor the running status of the system. Finally, experiments show that the above method can detect unknown attack types in the system, and that the administrator can find and deal with abnormal attack types in time, so that the safety of the industrial control system is guaranteed.
Keywords/Search Tags:Modbus TCP, unbalanced data, alarm logs, deduplication and grouping, mixed multi-class detection