With the continuing integration of industrialization and information technology, more and more Internet technologies have been applied to industrial control networks, and their security has become a focus of attention as virus attacks increase. As an active security protection measure, intrusion detection technology can effectively make up for the shortcomings of traditional security protection technology. However, in the face of massive, high-dimensional network traffic data and the dynamic changes of the network environment, traditional intrusion detection models are not adaptive enough to detect some new or unknown attacks, are unable to extract effective data features, and take a long time to train. Research on adaptive intrusion detection methods is therefore of very important research significance.

To address these problems, this thesis takes the industrial control network as its background and mainly uses information gain feature selection, principal component analysis, a random forest classifier, a convolutional neural network, a C5.0 decision tree classifier and other methods to study adaptive intrusion detection methods suitable for industrial control networks. The specific research work is as follows:

1. In view of the massive high-dimensional data and the redundancy and uncertainty of data features in industrial control network intrusion detection systems, an intrusion detection model based on feature selection and random forest (RF) is proposed. First, the proposed model selects the relevant attributes through the information gain (IG) feature selection method. Second, the principal component analysis (PCA) feature extraction method is used to select the optimal feature subset from the relevant attributes selected by IG. Finally, the selected optimal feature subset is used for training and testing in the RF classifier. To better demonstrate the performance of the proposed method, the model is compared with support vector machine, decision tree and logistic regression methods. Experimental results show that the detection accuracy of the proposed model on the NSL-KDD and CICIDS2017 data sets is 99.84% and 99.80%, respectively. At the same time, compared with the existing methods, the proposed model has good classification detection performance.

2. To solve the problems that traditional intrusion detection methods in industrial control networks find it difficult to respond adaptively to dynamic changes in the network environment, have difficulty extracting valid data features, and have low detection rates for unknown attacks, an adaptive intrusion detection model based on a convolutional neural network (CNN) and a C5.0 classifier is proposed. The proposed model first uses the synthetic minority oversampling technique (SMOTE) to solve the problem of class imbalance in the data. The middle hidden layer of the CNN is then used to extract network traffic data features automatically. Finally, the C5.0 classifier model is trained on the training set data extracted by the CNN, and an adaptive online update strategy based on frequent pattern mining is introduced, so that the intrusion detection model can adapt to the dynamic changes of the network environment and then obtain the final detection result. The experiments use the KDDCup 99, NSL-KDD and Gas Pipeline data sets to test the validity of the model. Experimental results show that, compared with the existing methods, the proposed model can effectively adapt to the dynamic changes of the network environment; the classification and detection accuracy for various attack behaviors can reach over 98%, and the false alarm rate is less than 2%.
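The information gain step of the first model, as an added example that is not code from the thesis: it scores each feature by IG against the class label and keeps those above a threshold, which is the attribute set that would then go to PCA and the RF classifier. The records are constructed, the field names follow NSL-KDD's, and the equal-width binning and the 0.1 threshold are assumptions.

```python
import math
from collections import Counter, defaultdict

def entropy(labels):
    """Shannon entropy H(Y) of a label list, in bits."""
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())

def information_gain(values, labels):
    """IG(Y; X) = H(Y) - sum_v P(X=v) * H(Y | X=v) for one discrete feature."""
    groups = defaultdict(list)
    for v, y in zip(values, labels):
        groups[v].append(y)
    cond = sum(len(g) / len(labels) * entropy(g) for g in groups.values())
    return entropy(labels) - cond

def discretize(values, bins=4):
    """Equal-width binning (assumed) so numeric traffic features can be scored."""
    lo, hi = min(values), max(values)
    if hi == lo:                      # constant column: a single bin, IG will be 0
        return [0] * len(values)
    width = (hi - lo) / bins
    return [min(int((v - lo) / width), bins - 1) for v in values]

def select_features(rows, labels, names, threshold=0.1):
    """Return (features with IG > threshold, best first) and all IG scores."""
    scores = {}
    for i, name in enumerate(names):
        col = [r[i] for r in rows]
        if all(isinstance(v, (int, float)) for v in col):
            col = discretize(col)
        scores[name] = information_gain(col, labels)
    keep = [n for n in names if scores[n] > threshold]
    return sorted(keep, key=scores.get, reverse=True), scores

# Constructed sample records (not taken from NSL-KDD or the thesis).
NAMES = ["protocol_type", "src_bytes", "serror_rate", "num_outbound_cmds"]
ROWS = [
    ("tcp", 215, 0.0, 0), ("tcp", 302, 0.0, 0), ("udp", 105, 0.0, 0), ("tcp", 250, 0.1, 0),
    ("tcp", 0, 1.0, 0), ("tcp", 0, 1.0, 0), ("tcp", 0, 0.9, 0), ("udp", 280, 1.0, 0),
]
LABELS = ["normal"] * 4 + ["attack"] * 4

if __name__ == "__main__":
    selected, scores = select_features(ROWS, LABELS, NAMES)
    for name in NAMES:
        print(f"{name:18s} IG={scores[name]:.4f} {'keep' if name in selected else 'drop'}")
```

The constant `num_outbound_cmds` column and the class-balanced `protocol_type` column both score zero and are dropped, which is the redundancy the selection step is meant to remove before PCA.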