
Research On Key Technologies Of Intrusion Detection For Industrial Control Network

Posted on: 2022-01-27
Degree: Master
Type: Thesis
Country: China
Candidate: Z M Wang
GTID: 2518306563477274
Subject: Cyberspace security
Abstract/Summary:
Industrial control systems are vital to the operation of industrial facilities and are the core of the country’s critical infrastructure. As industrialization and automation have moved toward networking and informatization, infrastructure that used to consist of independent entities has become interconnected. While this has improved manageability, it has also caused a rapid increase in the number of cyber attacks on industrial control systems worldwide, and the network security situation is increasingly severe. Intrusion detection is one of the key technologies for maintaining the security of industrial control systems. It can effectively identify known and unknown attack behaviors and take corresponding protective measures to avoid more serious damage to the industrial control system. Traditional IT network intrusion detection systems cannot be directly applied to industrial control systems. To address this problem, the main research content of this thesis covers the following three aspects:

(1) A Modbus misuse intrusion detection method based on protocol analysis is proposed. Targeting the existing vulnerabilities and security risks of industrial control systems, this thesis analyzes the communication behavior model in depth and, based on the characteristics of the Modbus protocol and of the main intrusions, extracts the device address, the function code, and the starting address and number of coils and registers as detection features, and performs detection according to the Modbus protocol communication rules. Experiments on Mississippi State University’s industrial control data set verify that this method can effectively filter known attacks, has the advantages of fast detection speed and a low false positive rate, and is the basis for subsequent detection.

(2) An industrial control anomaly intrusion detection method based on ISSA-KELM is proposed. To meet the requirements of high real-time performance and high accuracy in industrial control network intrusion detection, an intrusion detection method based on an improved kernel extreme learning machine (KELM) is proposed. The improved sparrow search algorithm (ISSA) is used to optimize its parameters. The algorithm generates a uniformly distributed initial population based on the good point set theory, adjusts the safety value adaptively, and introduces a chaotic local disturbance strategy in its later iterations. Experiments on the standard industrial control data set show that the ISSA-KELM model is suitable for actual application scenarios, that its convergence speed and stability are improved, and that its detection accuracy reaches 96.85%.

(3) An industrial control intrusion detection method based on ensemble learning is proposed. To solve the problem that a single classifier has low detection accuracy for certain small-sample attack categories, this thesis combines the advantages of the individual classifiers to construct an ensemble learning model. Based on accuracy and difference measurement, SVM, ISSA-KELM and RF are selected as base classifiers, and a weighted voting mechanism based on credibility is proposed to integrate the classification results of each classifier. A comparison of the final performance of the ensemble learning model and the single-classifier models shows that the ensemble intrusion detection model constructed in this thesis performs better, with a detection accuracy of 97%.
Keywords/Search Tags: Industrial control system, Intrusion detection, Modbus, Sparrow search algorithm, Ensemble learning
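The protocol-rule check described in aspect (1), sketched as an added example that is not code from the thesis: it extracts the device address, function code, starting address and quantity from a request and tests them against the protocol's quantity limits and a whitelist. Modbus/TCP framing, the `POLICY` whitelist and the sample frames are assumptions constructed for illustration.

```python
import struct

# Per-request quantity limits from the Modbus application protocol specification.
SPEC_MAX_QTY = {0x01: 2000, 0x02: 2000, 0x03: 125, 0x04: 125, 0x0F: 1968, 0x10: 123}
SINGLE_WRITE = (0x05, 0x06)  # Write Single Coil / Register: quantity is always 1
# Constructed whitelist: device address -> {function code: (first, last) allowed address}.
POLICY = {4: {0x03: (0, 99), 0x05: (0, 15), 0x10: (0, 9)}}

def parse_request(frame: bytes) -> dict:
    """Extract device address, function code, start address and quantity."""
    if len(frame) < 8:
        raise ValueError("shorter than MBAP header plus function code")
    _tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0 or length != len(frame) - 6:
        raise ValueError("bad MBAP protocol id or length field")
    fc, addr, qty = frame[7], None, None
    if fc in SPEC_MAX_QTY or fc in SINGLE_WRITE:
        if len(frame) < 12:
            raise ValueError("truncated request PDU")
        addr, value = struct.unpack(">HH", frame[8:12])
        qty = 1 if fc in SINGLE_WRITE else value
    return {"unit": unit, "fc": fc, "addr": addr, "qty": qty}

def check(frame: bytes) -> list:
    """Return rule violations for one request; an empty list means it passes."""
    try:
        f = parse_request(frame)
    except ValueError as exc:
        return [f"malformed: {exc}"]
    allowed = POLICY.get(f["unit"])
    if allowed is None:
        return [f"unknown device address {f['unit']}"]
    if f["fc"] not in allowed or f["addr"] is None:
        return [f"function code 0x{f['fc']:02X} not allowed for device {f['unit']}"]
    alerts = []
    if not 1 <= f["qty"] <= SPEC_MAX_QTY.get(f["fc"], 1):
        alerts.append(f"quantity {f['qty']} outside protocol limit")
    first, last = allowed[f["fc"]]
    if f["addr"] < first or f["addr"] + f["qty"] - 1 > last:
        alerts.append(f"address range {f['addr']}+{f['qty']} outside {first}-{last}")
    return alerts

# Constructed sample requests (hex of complete Modbus/TCP ADUs).
SAMPLES = {
    "read_ok": "00010000000604030000000A",
    "read_too_many": "0001000000060403000000C8",
    "diagnostics_fc": "000200000006040800000000",
    "write_out_of_range": "00040000000B0410003200020400010002",
}
```

Calling `check(bytes.fromhex(SAMPLES[name]))` for each sample returns an empty list for `read_ok` and one or more alert strings for the others.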