Research On Intrusion Detection Method Of Industrial Control System Under Incomplete Samples

Industrial control system is widely used in key industrial fields such as electric power,oil and gas transportation and chemical industry.It lacks safety consideration at the beginning of design.With the deep integration of informatization and industrialization,the openness of industrial control system is improved,and network attacks emerge one after another.As an important protection measure of industrial control system,intrusion detection technology can effectively detect malicious behavior in the system.The combination of machine learning and deep learning model with intrusion detection is also one of the research hotspots of industrial control system security.In order to ensure the generalization ability of machine learning and deep learning models,a large amount of data is needed in the training stage,but the flow samples in industrial control systems are often incomplete.This paper studies the intrusion detection of industrial control system under the condition of incomplete samples.One is how to improve the detection effect under the unbalanced data distribution,and the other is how to detect the unknown attacks that do not exist in the training set.The main work of this paper is summarized as follows:1.Aiming at the problem of unbalanced data distribution,an unbalanced data intrusion detection algorithm based on Generative Adversarial Networks is proposed.The tags of minority are used as the condition variable to guide the generation of attack type samples,and the filter is used to undersample majority,which improves the over fitting problem of the detection algorithm on majority from the data level.On this basis,combined with the high-performance gradient decision tree model,an intrusion detection framework is constructed,and heuristic algorithm is used to optimize many parameters.2.Aiming at the problem of detecting unknown attacks that do not exist in the training set,an unknown attack intrusion detection algorithm based on open set recognition is proposed.By constructing an open set deep neural network model,the activation vectors of each known class are calibrated,the probability calculation method of input from unknown attacks is increased,and the discrimination ability of known normal traffic and known attacks is retained.In the network training stage,the class distance loss function is combined to learn the characteristics of discrimination and generalization,which improves the overall accuracy of the model and the detection rate of unknown attacks.3.Build a virtual industrial control experimental platform,realize replay attack,injection attack and ARP attack on the platform through penetration strategy and protocol analysis.Collect data and construct data sets to verify the effect of intrusion detection algorithm under the condition of incomplete samples.