| Industrial control system is an important part of national key infrastructure construction.The development of the Internet has promoted the continuous integration of industrialization and informatization.The industrial control system that was originally in a closed environment began to be connected to a complex external network environment,which improved the manageability of the industrial control system and increased its risk of external attacks.,which leads to a very severe security situation in the current industrial control system.Anomaly detection is one of the important methods to ensure the safety of industrial control systems.This method can effectively detect abnormalities in the system and notify security personnel to take corresponding measures to avoid serious damage to industrial production.The anomaly detection of the current industrial control system is facing some challenges.First,industrial data has the characteristics of high dimensionality,high redundancy,and much noise,which will reduce the efficiency of the anomaly detection model trained using industrial control data;secondly,the problem of data imbalance and missing data labels also brings challenges to anomaly detection.In response to the above problems,this paper mainly studies and proposes solutions from the two stages of anomaly detection—feature engineering and anomaly data detection.The main work is as follows:(1)In view of the characteristics of high dimensionality,high redundancy and multiple noises in industrial control system data,this paper proposes a multi-layer filter(Multi Layer Filter,MLF)feature selection algorithm.The algorithm performs feature selection based on the feature itself and the correlation between features,which can reduce the dimensionality of unlabeled industrial control system data without changing the original feature space.Through experiments on public industrial control data sets,it is proved that the MLF feature selection algorithm has a good dimensionality reduction effect on industrial control data.(2)Aiming at the problems of data imbalance and missing data labels in industrial control systems,this paper uses an unsupervised method of finding outliers for anomaly detection,and proposes an improved isolation forest and Gaussian distribution(IIF-GD)joint model.Divide the industrial control data into discrete data and continuous data,train the Gaussian distribution model with discrete data,and improve the isolated forest algorithm.In the training phase of the isolated forest,a cutting point selection algorithm is proposed to make the isolated tree trained more accurate;In the prediction stage,in order to comprehensively consider the degree of abnormality of the features,a comprehensive abnormal score based on the entropy weight method is proposed,and the weight of each feature is determined according to the information entropy,and then the improved isolation forest model is trained using continuous data.Finally,the two models are combined to make an abnormal judgment.It is verified by experiments that the detection model proposed in this paper has a good detection effect. |
PDF Full Text Request