Research On Intrusion Detection Methods Of Industrial Control System Based On Mixed Kernel-One Class Support Vector Machine

Industrial Control System(ICS)is widely used in the connection,monitoring and control of important national infrastructure.Once attacked,it will harm national property,the ecological environment and even the safety of people’s lives.As ICS shifts from closed to open and interconnected,industrialization and informatization are also integrated,and the possibility of network attacks continues to increase.Therefore,it is of great significance to strengthen the research on ICS security technology.The application of intrusion detection in the traditional Internet has been very mature,but due to the big difference between ICS and traditional IT systems,the intrusion detection technology of IT systems cannot meet the security protection requirements of ICS.Therefore,it is necessary to design suitable intrusion detection methods according to the security requirements of ICS.The principal work of this thesis is as follows:(1)Due to the high dimension and strong nonlinear characteristics of industrial data,ICS intrusion detection algorithm training takes a long time and the detection accuracy is low.Aiming at this problem,an industrial data feature dimensionality reduction method based on aliasing entropy kernel principal component analysis(EKPCA)is proposed.The method first calculates the aliasing entropy of each feature based on the idea of aliasing entropy.By comparing with the aliasing entropy threshold,some features that have a greater impact on classification are retained,and then Kernel Principle Component Analysis(KPCA)is used for feature extraction on the retained features to achieve dual dimensionality reduction of features.Aiming at the problem that the kernel parameters of EKPCA are difficult to determine,particle swarm optimization(PSO)is used to optimize the kernel parameters.Finally,experiments are conducted to verify the effectiveness of the proposed method for dimensionality reduction of industrial data.(2)Since industrial control systems mostly work in a normal and healthy environment,the collected industrial sample data are in the problem of category imbalance,that is,most of them are normal data and few are abnormal data.To solve this problem,a Mixed Kernel-One Class Support Vector Machine(MK-OCSVM)algorithm is proposed.Firstly,the algorithm uses a hybrid kernel function that combines a Gaussian kernel function and a Poly kernel function according to a certain weight,aiming to compensate for the single kernel function used by One Class Support Vector Machine(OCSVM),that is,the strong learning ability of the local kernel function and the good generalization ability of the global kernel function can’t be considered simultaneously;secondly,the weight coefficient and other parameters in the MK-OCSVM algorithm are optimized by PSO,and the optimal parameters are obtained;finally,in order to reduce the false negative rate of intrusion detection,a new intrusion detection model based on MK-OCSVM algorithm is established.Through comparative experiments,it is verified that the proposed algorithm not only guarantees a higher detection rate than OCSVM using a single kernel function,but also has better generalization capabilities;and the new intrusion detection model established is comparable to the one trained only with normal samples,it can further reduce the false negative rate of intrusion detection.