Research On Machine Learning Algorithms For Intrusion Detection In Industrial Control Systems

With the wide use of Industrial Control Systems(ICS)in the field of industrial automation,the importance of the security of ICS has become more important.However,due to the complexity of the industrial scenarios and the development of the industrial Internet and big data,making traditional intrusion detection techniques difficult to deal with the high concurrency and storage challenges in ICS.In order to improve the automation,accuracy and real-time threat recognition,Machine learning enables computers to make predictions through data analysis and pattern recognition.In addition,Machine learning also detects the potential security threats,achieves adaptive security defense and provides new solutions for industrial security in this way.In this paper,we investigated and analyzed the industrial network system from such two machine learning aspects: data optimization and model improvement.To prove the effect of this method,we dealed with the intrusion detection problems by data preprocessing,model improvement and integration,and conduct the follow-up simulation verification experiments.The main work are as follows:(1)First,we researched in-depth analysis of industrial system security technology and machine learning algorithms.Moreover,we proposed a clustering algorithm based on Kmeans-SMOTE to solve the problem of imbalanced sample quantity in different types in ICS dataset.In order to oversample minority class data and improve the quality of the dataset,this algorithm combines the SMOTE algorithm with the K-means clustering.The experiment results show that the method we proposed has a good performance on the increase of the intrusion detection accuracy of various types of attack.(2)Then,we proposed a quantum particle swarm optimization algorithm with adaptive learning strategy(CLAQPSO)to solve the high accuracy and real-time requirements of ICS intrusion detection.This algorithm expands the search space of the population and speed up global convergence by optimizing the support vector machine(SVM)with CLAQPSO through the improvement of the dynamic mode of local attractors in the particle swarm and fully utilizes the information resources of the particle population.After constructing the ICS intrusion detection model with SVM optimized by CLAQPSO,the simulation experiment results show that the method we proposed can improve the evaluation performance compared to other algorithms.(3)Finally,we proposed an ensemble learning intrusion detection method based on Light GBM to address the problems of slow training speed and low training accuracy when using a single machine learning algorithm to process massive data in intrusion detection.Light GBM is a gradient boosting framework based on decision trees that can efficiently train machine learning models for large-scale data.However,there are many parameters in Light GBM and the selection of parameter values is crucial to the training results.At the same time,Ensemble learning can combine multiple machine learning models to improve overall prediction accuracy and enhance generalization ability.Due to these reasons,we combined CLAQPSO with adaptive learning strategy and Light GBM ensemble learning to optimize important parameters in Light GBM and improve intrusion detection accuracy.The simulation experiment results show that the proposed method performs well in intrusion detection.