To increase productivity, reduce production intensity, and lower manufacturing costs, the use of Industrial Control Systems (ICS) is constantly expanding in today's society. China's industrialization and information technology are in a phase of continuous development and integration. However, security incidents involving network attacks on industrial control systems are increasing worldwide. Researching the network security of industrial control systems is therefore of great significance for safeguarding their stable operation. In this field, scholars mostly focus on the behavior and protocols of industrial control systems, with less research on traffic models for network traffic anomaly detection in industrial control systems. Industrial control systems pose challenges such as high-dimensional network traffic data, difficulty in extracting flow features, and insufficient computational capacity, so existing traffic-based anomaly detection methods cannot be applied effectively to them.

Firstly, to address the difficulty of feature extraction caused by the high dimensionality and complex structure of industrial control system traffic, a traffic feature extraction method based on kernel function fusion of kernel principal component analysis (kf-KPCA) is proposed. To extract relevant features from high-dimensional and structurally complex traffic, this study improves the traditional kernel principal component analysis algorithm to make it more suitable for industrial control environments. After data balancing, standardization, normalization, and other operations, industrial control data are used as input for the kernel principal component analysis algorithm, and kernel matrices are generated using both linear and radial basis kernel functions. A fusion kernel matrix is then generated by applying the Hadamard product, enabling the extraction of strongly correlated features from industrial control systems.

Furthermore, to achieve more efficient and accurate anomaly detection in the network traffic of industrial control systems, this paper proposes a traffic model that combines kernel function fusion of kernel principal component analysis (kf-KPCA) with a gated recurrent unit (GRU) for the detection of network anomalies in industrial control systems. The proposed traffic model consists of two main components: industrial control traffic feature extraction and traffic prediction. The model uses kf-KPCA to extract 14 features from the original dataset and construct a new compact dataset. It then employs the GRU network for learning and prediction. The predicted values are then compared with a threshold based on the actual values, enabling the detection of anomalies in industrial control traffic. The experiments demonstrate that the kf-KPCA-GRU traffic model proposed in this paper achieves improved accuracy while reducing computational costs compared to the Long Short-Term Memory (LSTM) and Gated Recurrent Unit (GRU) models. This also validates the effectiveness of the proposed feature extraction method for industrial control system traffic.
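The kernel fusion step described above, sketched as an added example that is not the paper's own code: linear and RBF kernel matrices are combined with a Hadamard product, then standard kernel PCA (centering and eigendecomposition) yields 14 features. The function names, the `gamma` value, the use of NumPy and the random sample data are assumptions made for illustration.

```python
import numpy as np

def fused_kernel(X, gamma):
    """Hadamard product of the linear and RBF kernel matrices of X (rows = samples)."""
    linear = X @ X.T
    sq = np.sum(X ** 2, axis=1)
    dist2 = np.maximum(sq[:, None] + sq[None, :] - 2.0 * linear, 0.0)
    rbf = np.exp(-gamma * dist2)
    return linear * rbf  # element-wise product; PSD by the Schur product theorem

def kf_kpca(X, n_components, gamma):
    """Project the training samples onto the top components of the fused kernel."""
    K = fused_kernel(X, gamma)
    n = K.shape[0]
    ones = np.full((n, n), 1.0 / n)
    Kc = K - ones @ K - K @ ones + ones @ K @ ones  # centre in feature space
    vals, vecs = np.linalg.eigh(Kc)                 # eigenvalues in ascending order
    top = np.argsort(vals)[::-1][:n_components]     # indices of the largest ones
    vals, vecs = vals[top], vecs[:, top]
    # Training-sample projections are eigenvector * sqrt(eigenvalue).
    return vecs * np.sqrt(np.maximum(vals, 0.0)), vals

def demo():
    # Constructed stand-in for preprocessed ICS flow records:
    # 60 samples x 30 raw features with very different scales.
    rng = np.random.default_rng(7)
    raw = rng.normal(size=(60, 30)) * rng.uniform(0.5, 20.0, size=30)
    X = (raw - raw.mean(axis=0)) / raw.std(axis=0)  # standardisation step
    # gamma = 1 / n_features is an assumed heuristic, not a value from the paper.
    Z, vals = kf_kpca(X, n_components=14, gamma=1.0 / X.shape[1])
    return X, Z, vals

if __name__ == "__main__":
    X, Z, vals = demo()
    print("compact dataset shape:", Z.shape)
    print("largest eigenvalues:", np.round(vals[:3], 2))
```

The rows of `Z` form the compact 14-feature dataset that a sequence model such as the GRU would then be trained on.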