Research And Implement Of Industrial Internet Anomaly Detection Based On Time Series Data Analysis

The Industrial Internet brings convenience to the intelligent control and large-scale management of production processes.With the in-depth development of industrial Internet technology,research in the corresponding security technology field becomes more and more necessary.The Industrial Internet mainly faces risks from outside the network.When an attack occurs,a large number of abnormal records are generated in the system.The discovery of related anomalies helps prevent network attacks and ensure the smooth operation of the Industrial Internet.Due to differences in the number of hosts and communication scales,traditional anomaly detection methods are not effective in three industrial Internet anomaly detection scenarios,such as abnormal operation sequences,malicious instruction distribution,and worm attacks.The subject conducts research from the following three aspects:(1)Aiming at the characteristics of coherence and known length of industrial operation queue,an improved algorithm based on Prefix Span is proposed.This article first introduces the principle of high-frequency sequence discovery method and Prefix Span sequence mining algorithm,analyzes the reasons that the Prefix Span algorithm is used in operation queue mining to produce a large number of invalid results and the execution efficiency is poor,and proposes an algorithm for updating frequent item sequences in industrial Internet scenarios.And the improved algorithm of high frequency operation queue discovery for the storage structure of projection database.Experimental analysis shows that the proposed algorithm has better performance than Prefix Span in terms of execution time and accuracy.(2)Study the DGA domain name detection method in the industrial Internet scenario.Industrial Internet DGA domain name detection has problems such as low throughput rate and high false alarm rate.This paper proposes a DGA domain name detection model including text feature classifier and host feature classifier.The model has better detection results under the premise of improving the throughput rate.(3)Study the detection method of industrial Internet worm structure.The local topology of the network under the Industrial Internet presents a different periodicity and host specificity than the ordinary LAN.This paper first analyzes the principle of worm structure detection and the method of worm detection based on topological graph analysis,proposes a fine-grained threshold discrimination model and uses this model in the detection method of tree network structure.Analyze the performance of the algorithm through experiments.Based on the above research,this paper finally designs and implements an industrial Internet anomaly detection system based on time series data analysis.The industrial environment simulation environment data was collected to test the system function and performance.The test results show that the anomaly detection system can meet the needs of industrial Internet related anomaly detection.