Research On Intrusion Detection Methods Based On Modbus TCP Industrial Control Network

With the advent of the era of big data,new technological support is needed for industrial internet security.Intrusion detection is an effective supplement to industrial security protection technology,and its significance is becoming more and more critical.At the same time,the enhancement of computer capabilities will enrich the intrusion detection technology,so that it has super detection ability,and can deal with more complex network environment at the same time.Intrusion detection technology can properly analyze network traffic data,system logs,system behavior and other data to find out whether there is an abnormal situation or intrusion attack on the network system,and then issue an alarm.In order to ensure the normal operation of the industrial control system,many researchers propose to use intrusion detection technology to protect the industrial control system.However,the intrusion detection technology in the industrial system needs to be further improved and developed.Therefore,this thesis conduct in-depth research on abnormal intrusion detection,identify abnormal data through abnormal intrusion detection,and then classify abnormal data through multi-class classification algorithm,so as to better cope with emergencies.The main work and research content of this article are as follows:(1)Proposed an anomaly intrusion detection method based on FW-SVDD.In the face of high-dimensional feature data,the degree of influence of data features on the algorithm varies.Currently,SVDD does not consider this issue,resulting in low detection accuracy and poor effectiveness.To solve this problem,this article introduces the concept of feature weight when searching for the optimal SVDD in the algorithm.Set a weight for each feature of the sample through a combination weighting method.The introduction of feature weights compensates for the shortcomings of SVDD by differentiating the importance of different feature influences on samples.Through experimental comparison with four current SVDD algorithms on publicly available industrial system datasets,the accuracy and AUC of our algorithm have significantly improved on both datasets,and the accuracy is higher than that of the latest article using this publicly available dataset.(2)Proposed an intrusion detection method based on ensemble learning.This method is mainly used to classify the abnormal data detected by the abnormal intrusion detection method.Because the Industrial Internet faces a variety of attack data problems,this method uses the fusion algorithm method to improve the classification effect and performance of the multi class classification algorithm,and uses the weighted average probability voting method to build a new fusion algorithm.The innovation of this research method was demonstrated through four evaluation indicators validated on publicly available industrial system datasets.(3)This thesis designs an intrusion detection system based on industrial control network by two proposed methods.The system will collect the data in the industrial control network,extract the effective characteristic data,and then use the abnormal intrusion detection method based on FW-SVDD to analyze whether it belongs to the abnormal data.For the abnormal data,the intrusion detection method based on integrated learning is used to classify the various types of attacks,identify the specific types of attacks,and notify the administrator through the alarm system,improve the security of the industrial control system,improve the efficiency of administrators in responding to unexpected attacks.