Research On ICS Intrusion Detection Methods Based On Kernel Extreme Learning Machine

Industrial Control System is widely used in national infrastructure such as nuclear power,chemical industry and water conservancy,and so on.It is mainly used to connect,detect and control equipment in industrial systems.Once attacked,it will do harm to national property,ecological environment and people’s life.Now,ICS is integrating with IT,it is gradually exposed to new threats and attacks.Therefore,it has great significance to take deep research on the security technology of industrial control system.Intrusion detection is a key method to protect the security of ICS.By collecting and analyzing the raw data in the system,the abnormal behaviors can be detected in a short time.According to the detection results,safety operators can take actions to maintain the stability of the system.However,due to the great difference between the industrial control system and the traditional IT system,it is difficult to completely meet the requirements of the industrial control system by simply using the traditional intrusion detection technology.For this reason,it is necessary to design reasonable detection methods according to the characteristics of industrial control systems,in order to improve the accuracy.The main work of this paper is as follows:(1)Considering that ICS has fewer computing resources but a high requirement for continuity.This paper uses online learning method to design the algorithm,the weight of the model can be updated in real time,so that the loss caused by downtime will be avoided.Besides this,kernel extreme learning machine has been used as the basic model,a hybrid kernel function has been designed to avoid the disadvantages of single kernel function.Since the industrial control system is a time-varying system,we have proposed an adaptive forgetting mechanism,which introduces the prediction error of the model to the current data into the model weight update mechanism.When the fitness of the model is poor,more data of the previous sample are discarded,otherwise,it is properly retained,which not only avoids the dimensional disaster in the operation process,but also improves the model training speed and reduces the cost of the system.(2)We design a Multi-layer denoising auto encoder to reduce the errors and redundant information in the industrial data.The experimental results show that the training speed of the model is improved.Due to the unbalanced proportion of positive and negative samples in industrial data,a weight hybrid kernel extreme learning machine has been adopted by assigning higher weight to small samples,so as to improve the accuracy of the small sample detection.The proposed method has better performance than traditional machine learning algorithms in time,accuracy and generalization.