Research On Intrusion Detection Technology Of Industrial Control Network Based On Machine Learning

Industrial control systems are the core of the country’s key infrastructure,and its normal operation plays a vital role in the stable operation of industrial facilities.With the introduction of intelligent control technology and various sensors into the industrial control network,industrial production efficiency has gradually improved,management operations have become more intelligent,and at the same time,more security risks have been brought to the industrial control systems.The external attacks of intruders and the internal problems of industrial control systems bring more and more challenges to the defense of industrial control systems.Existing intrusion detection systems are difficult to solve the problems caused by complicated control logic in industrial scenarios.In addition,many intrusion detection technologies only focus on improving the overall accuracy of detection,but the low detection accuracy of most attack types and a few attack types will also bring losses to the industrial control systems.Therefore,in view of the above problems,this paper studies the intrusion detection technologies of industrial control systems combined with machine learning models.The main work is reflected in the following three aspects:(1)Aiming at the problems of high dimensionality and redundancy and noise in standard datasets,a dimensionality reduction method for industrial control network data based on Stacked Sparse Principal Component Analysis(SSPCA)was proposed.On the basis of in-depth analysis of Sparse Principal Component Analysis(SPCA),the L2 norm is introduced,the sparse principal component analysis algorithm is improved for feature selection,and the principal component analysis algorithm is used for dimensionality reduction.Experiments show that this method can reduce dimensionality more effectively than other models,retain more information of the original data set and improve the robustness of the system,and the detection accuracy rate reaches 90.36%.(2)Aiming at the problem that the imbalanced industrial control data set is easy to cause the low detection rate of attack types,a cost-sensitive step-by-step industrial control intrusion detection method is proposed.The cost-sensitive algorithm is integrated into the classification algorithm,and different misclassification costs are defined according to the inverse relationship between the number of normal type and attack types to improve the detection rate of attack types.The three-layer architecture of the method is expounded,the classification ability of the synthetic minority oversampling technique enhanced(SMOTE)model is improved,and a cost-sensitive support vector machine(CS-SVM)algorithm is proposed to minimize the number of false positives.Experiments show that this method can effectively reduce false positives and improve the attack detection rate.(3)The proposed algorithm above is designed and implemented,and verified on the Mississippi State University public standard industrial control data set.The experimental results show that the dimensionality reduction method proposed has better performance in terms of accuracy rate,false negative rate and false positive rate,and can effectively improve the detection ability of subsequent classification models.The proposed costsensitive step-by-step industrial control intrusion detection method can effectively solve the imbalance problem of industrial control data sets,and improve the attack detection accuracy to 98.07%,and the AUC value to 0.94.