| The gateway is a crucial edge hub that connects the industrial internet of things and industrial control systems.By applying edge computing intrusion detection technology to the gateway,network intrusion behavior can be detected promptly.However,current intrusion detection technology for commonly edge gateway protocols both domestically and abroad still faces problems such as low detection recognition rates,insufficient feature extraction,and poor model generalization performance.To solve the above problems,intrusion detection methods of Modbus/RTU,Modbus/TCP and DNP3 protocols for edge gateways are designed in this dissertation.The main contents are summarized as follows.(1)By analyzing the Modbus/RTU traffic structure and security defects,aiming at the problems of insufficiently extracting training sample space and temporal features with current Modbus/RTU protocol intrusion detection technology,an intrusion detection method is proposed based on one-dimensional convolutional neural network and bidirectional simple recurrent unit(1DCNN-BiSRU).First,the synthetic minority oversampling technique is used to balance the training samples in this method.Then,the sample spatial features were extracted by convolutional and pooling layers.Finally,the contextual sequential semantic information was extracted using the bidirectional simple recurrent layer before classification by fully connected layers.Experimental results demonstrate that this method has strong spatial and temporal feature extraction ability,and can effectively identify Modbus/RTU protocol intrusion behavior.(2)Aiming at the problems of low detection accuracy and insufficient feature extraction capabilities for current Modbus/TCP protocol intrusion detection technology,an intrusion detection method is proposed based on attention mechanism and 1DCNNBiSRU by analyzing Modbus/TCP traffic security vulnerabilities.Two parallel feature extraction channels are constructed to extract spatial-temporal and temporal-spatial features of the samples in this method.Then,these features are input into the selfattention layer to extract long-distance correlation features before classification by fully connected layers.Experimental results show that this method has much better intrusion detection performance than other algorithms,with stronger feature extraction capabilities and better robustness.(3)To solve the problems of easy overfitting and poor model generalization performance for current DNP3 protocol intrusion detection algorithms,an intrusion detection method is proposed based on feature selection and optimized random forest by analyzing the DNP3 traffic structure and facing security threats.This method combines a feature selection algorithm to reduce the dimensions of the training samples to eliminate unrelated noise.The particle swarm optimization,genetic algorithm,and sparrow search algorithm are used to optimize the random forest model’s decision tree number and depth parameters while analyzing the influence of different population sizes on the performance of each optimization algorithm.Experimental results show that the random forest model optimized using the sparrow search algorithm has superior intrusion detection performance compared to the other two optimized models,with strong model generalization capability and little risk of overfitting. |