Research On Abnormal Flow Detection Algorithm Based On Industrial System

With the evolution of industrial control system,industrial control system and Internet technology blend with each other.Industrial control system should be gradually open.Therefore,this makes the originally relatively independent and closed network environment exposed to the public.At present,the research on industrial control network security is far less than the research on Internet security,but in recent years,it shows an upward trend.The safety of industrial control network is very important,it affects the lifeblood of the country.Therefore,this paper aims at the research of network traffic in industrial control system.The main work contents of this paper are as follows:1.The analysis and prediction algorithm of baseline in industrial control system are studied.Through the analysis of industrial control flow to understand the flow characteristics.Statistical analysis is used to analyze the baseline.Then the deep learning,time series and other content are studied,and a model and a detection process are proposed.2.The periodic anomaly detection algorithm of industrial network traffic is studied.The periodic characteristics of traffic flow in industrial control network are explained from macroscopic and microscopic perspectives.Then I research and classify the processed traffic into character sequence and numerical sequence.First,the traffic characteristics are encoded to generate the sequence.A smoothing filtering algorithm is proposed for the phenomenon of sequential oscillation.The curves are smoothed while maintaining periodicity.The results of multiple rounds of different starting positions are calculated through the voting method.3.The anomaly detection algorithm of industrial control protocol field is studied.Firstly,the function of field of industrial control protocol is analyzed.The characteristics of Markov model are studied,and the characteristics of field sequence are expounded.Then the flow features are transformed into states through feature extraction and state construction.Then the states are connected in series according to the characteristics of time sequence to form the state sequence,and the condition of the sequence is finally detected.4.Test the abnormal flow detection algorithm of the proposed industrial control system.Firstly,the baseline analysis and prediction algorithm is tested.Various index parameters are tried through experiments,and the attack traffic is simulated.It can be well detected by mixing the traffic into the normal traffic for testing.Then the periodic anomaly detection algorithm of traffic is tested and the effectiveness of the algorithm is proved by using a variety of sequences.Finally,the field anomaly detection algorithm of industrial control protocol is tested,and the effectiveness of the algorithm is proved by constructing a variety of cases that lead to field anomaly.