Research On Network Characteristic Anomaly Detection Method Based On Industrial Control System

With the emergence and rapid development of more and more emerging Internet technologies,the in-depth integration of industrialization and information technology has been promoted,and relevant personnel can control and monitor the industrial control system more conveniently.Nevertheless,the quantity of network attacks against industrial systems is also increasing year by year.The external reason for this change is that the access of the Internet has broken the closure of the industrial network,and the internal reason is that the industrial system itself has p otential threats.Anomaly detection is an efficient method to identify outliers in data sets.At present,many anomaly detection models applied to traditional information networks have problems of high detection time complexity and low accuracy,which are n ot suitable for industrial control systems with high real-time demand.Existing isolated forest models and deep forest models are widely used in industrial anomaly detection.However,these two models have some limitations.First of all,the isolated forest model has the problem of strong randomness in the construction process,which leads to the detection performance of the model is not optimal.Secondly,the multi-granularity scanning structure in the deep forest model is not uniformly scanned,and the feature information on both sides of the feature vector is omitted.Therefore,the feature vector is not scanned sufficiently,which affects the ability of subsequent structural feature learning.Moreover,the single base classifier in the cascaded forest leads to poor generalization of the deep forest model and easy over-fitting of data.Aiming at the problems existing in the above two models,this paper proposes its own optimization method.Specifically,the research work of this paper mainly includes the following two aspects:Aiming at the isolated forest model,this paper proposes two improvement methods.Firstly,the improved particle swarm optimization algorithm is adopted to intelligently select decision trees with good detection performance and large differen ce,and combine them into a new isolated forest model with superior detection performance.Then,the selection method of dividing points in the process of constructing decision tree is modified,and the golden section point is used as the dividing point.Based on the above two improvements,experimental verification is carried out,and the experimental results show that the improved model is effective.Aiming at the deep forest model,this paper improves the structure.Firstly,a circular multi-granularity scanning structure is proposed,which can fully obtain the feature subset of each sample feature vector and enhance the learning ability of cascaded forest structure.Secondly,the advantages and disadvantages of different classification models are analyzed.Three base classifiers,GDBT,XGBOOST and CATBOOST,are introduced to enhance the diversity of classifiers and improve the detection performance and generalization of the ensemble learning model at each level.Finally,compared with the previous methods,the experimental results demonstrate that the method can effectively enhance the accuracy of the model.