Research On Intrusion Detection Technology Of Industrial Control System Based On Deep Learning

With the concept of "industry 4.0" and "Internet Plus" put forward,the new generation of industrial production facilities has been developed rapidly,and the integration of industrialization and informatization has been further improved.While the industrial control system is more convenient to operate and the production efficiency is gradually improved,the risk of external attack is also increasing.Nowadays,the traffic of industrial control system is growing rapidly,and unknown attacks are constantly emerging.The existing industrial control intrusion detection technology gradually has some problems,such as weak data feature learning,poor generalization ability,low recognition accuracy and so on.In order to solve the above problems,this thesis uses the powerful data processing ability and feature extraction ability of deep learning model to study the intrusion detection algorithm for industrial control system.The specific work and achievements are as follows:(1)In the aspect of industrial control data preprocessing,a dimensionless method based on central symmetric logarithm function is proposed to reduce the information loss when the dimensionless operation is carried out for large orders of magnitude industrial control features.Secondly,the industrial control feature combination method based on gradient boosting decision tree is proposed,which realizes the combination of relevant features in industrial control system traffic and increases the classification basis of subsequent detection model.(2)In view of the one-dimensional spatial characteristics of industrial traffic records,an industrial intrusion detection algorithm based on one-dimensional multi-scale residual network is proposed.By constructing multi-scale convolution structure,the receptive field of the model is enriched,and the comprehensive extraction of different scale features is realized.In addition,the residual structure is used to solve the problem that the traditional network is easy to degenerate with the increase of depth,so that it can extract deeper features.(3)By analyzing the temporal characteristics of context correlation in industrial control system traffic,an intrusion detection method based on bi-directional temporal convolution is proposed to extract the temporal characteristics of traffic sequence.Firstly,by using the expansion convolution algorithm,the problem that the complexity growth rate of the model is too high with the expansion of receptive field is avoided.Secondly,a bi-directional temporal convolution network model is proposed to solve the problem that the traditional temporal convolution can only summarize single direction time information,and realize the comprehensive extraction of front and back temporal features.(4)Aiming at the problem that the existing intrusion detection models don’t take into account the spatial and temporal characteristics at the same time,this thesis combines one-dimensional multi-scale residual network and bi-directional temporal convolution network,proposes a spatiotemporal double convolution neural network intrusion detection algorithm,which realizes the double extraction of spatial and temporal characteristics of industrial control data.On this basis,a two-stage classification method based on random forest is proposed,which combines the advantages of deep learning which is good at extracting features with the advantages of decision tree model which is good at classification,so as to further improve the intrusion detection effect of the model.Finally,the algorithm proposed in the above research is designed and implemented,which is verified on the industrial control data set and compared with the common solutions at this stage.The experimental results show that the data provided by the data preprocessing method can effectively improve the detection ability of subsequent models.The combination algorithm of double convolution feature extraction module and two-stage classifier proposed in this thesis can complete the task of intrusion detection excellently and perform best in the comparative experiment.