| Nowadays,more and more industrial production processes are controlled by industrial control systems.Industrial control systems provide convenience for industrial production and also bring great safety hazards.More and more studies have shown that using artificial intelligence technology to build an intrusion detection system based on network traffic can effectively protect industrial control systems.However,the use of artificial intelligence technology to build an industrial control intrusion detection system based on network traffic requires a large amount of labeled industrial control attack traffic data,but in reality,there is not enough labeled industrial control attack traffic data to construct an industrial control intrusion based on network traffic.Detection system,leading to the construction of industrial control intrusion detection system will face three problems,the first problem is that the data is not labeled,the second problem is the lack of new attack data,and the third problem is the cold start without attack data.And because the industrial control system is not universal,the network flow data of the industrial control system is not universal,and the non-universal network flow data causes two problems.The first problem is that the flow data of different industrial control systems cannot be mutually used.To build an intrusion detection model,the flow data cannot be fully used;the second problem is that the industrial control intrusion detection system based on network flow is not universal,and it is necessary to construct an intrusion detection system based on network flow for each industrial control system..Moreover,with the development of attacks against industrial control systems,more subtle process attacks have emerged.Each command of the attack is normal,but the abnormal order of execution will cause damage to the industrial production process.This paper first proposes an industrial control intrusion detection model based on the finetuning method in migration learning and the gated loop unit.In this model,an attack in the data set is assumed to be a new attack,the new attack traffic and a part of the normal traffic are taken as the target domain data set,and the remaining attack traffic and the rest of the normal traffic are taken as the source domain data set.Experiments show that the model proposed in this paper can construct an effective industrial control intrusion detection system when the new attack data is insufficient,and can detect process attacks.Since the application of the fine-tuning method in migration learning to the field of industrial control intrusion detection can only mitigate the problem of insufficient new attack data when building intrusion detection models,it cannot solve the problem of lack of data labels in the field of industrial control intrusion detection and when there is no attack data.Cold start problem and data non-universal problem.This paper proposes to use the isomorphic feature space of autoencoders and the adaptation method of the adversarial domain in transfer learning and the gated recurrent unit to construct an industrial control intrusion detection system based on network traffic.Here,the source domain and target The domains are the network traffic of different industrial control systems.Experiments show that the model proposed in this paper effectively solves the problem of lack of data labels when constructing an intrusion detection model,the problem of cold start when there is no attack data,and the problem of non-universal data. |
PDF Full Text Request