The development of information technology continues to promote the integration and progress of industrialization and informatization over a wider range, to a deeper degree, and at a higher level. In the practice of industrial automation and production informatization against the background of "One Network" construction, the construction of industrial control network security has not kept up with the pace of informatization construction and faces serious network security threats. To address the low detection rate of traditional single detection algorithms against different types of attacks on industrial control networks, an industrial control network intrusion detection method combining whitelisting and machine learning is proposed. First, whitelist technology is used to filter communication behaviors that do not conform to the rules, meeting the detection requirements of the misuse layer. Second, a machine learning model is used to build an anomaly detection layer: the sample data is similarly preprocessed through offline training of non-negative matrices, and the AMPSO-SVM-K-means++, GSA-AFSA-ELM, and CFAEE-SCA-XGBoost algorithms are adaptively coupled and selected according to sample size and characteristics to meet anomaly detection requirements. The NSL-KDD data set, the GAS Pipeline data set, and industrial field data are used to test the effectiveness and feasibility of the proposed method, and double evaluation indicators are selected for detection performance analysis. On the NSL-KDD data set, the DoS detection rate and false alarm rate are 97.2% and 6.3%, respectively, and the R2L detection rate is 92.5%; on the GAS Pipeline data set, the DoS and RA detection rates are 67.0% and 93.5%, respectively; on the industrial field data, the detection rate is 96.0% and the false alarm rate is 0.02%. The test results show that the method proposed in this thesis has good overall detection performance and can better adapt to the needs of industrial control network intrusion detection. It can improve the security defense capabilities of industrial control networks in practical scenarios and has good application value. There are 15 figures, 9 tables, and 63 references in this thesis.
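The two-layer flow described above, as an added example that is not the thesis's code: a whitelist check followed by an anomaly check, scored with detection rate and false alarm rate. The host names, Modbus-style function codes, sample records and the z-score baseline are constructed assumptions; the z-score only stands in for the thesis's trained models, which are not reproduced here.

```python
from statistics import mean, pstdev

# Constructed whitelist of permitted (source, destination, function code) flows.
# Codes follow Modbus numbering (3 = read holding registers, 16 = write multiple).
WHITELIST = {("hmi", "plc1", 3), ("hmi", "plc1", 16), ("eng", "plc1", 3)}

# Constructed attack-free training values for one process variable.
TRAINING = [10.0, 10.2, 9.8, 10.1, 9.9, 10.0]

# Constructed labelled test records: (src, dst, func, value, is_attack).
RECORDS = [
    ("hmi", "plc1", 3, 10.1, False),
    ("hmi", "plc1", 16, 9.9, False),
    ("unknown", "plc1", 16, 10.0, True),   # flow not on the whitelist
    ("hmi", "plc1", 16, 25.0, True),       # allowed flow, abnormal value
    ("hmi", "plc1", 16, 10.3, True),       # subtle attack, inside the baseline
    ("eng", "plc1", 3, 10.5, False),       # benign outlier
    ("hmi", "plc1", 3, 10.0, False),
    ("hmi", "plc1", 3, 9.8, False),
]

def fit_baseline(values):
    """Offline training of the stand-in anomaly layer: mean and std of normal data."""
    return mean(values), pstdev(values)

def classify(record, baseline, threshold=3.0):
    """Return the layer that flagged the record, or None if it passes both."""
    src, dst, func, value, _ = record
    if (src, dst, func) not in WHITELIST:      # layer 1: rule violation
        return "whitelist"
    mu, sigma = baseline
    if sigma > 0 and abs(value - mu) / sigma > threshold:  # layer 2: anomaly
        return "anomaly"
    return None

def evaluate(records, baseline):
    """Return (detection rate, false alarm rate) over labelled records."""
    tp = fp = attacks = normals = 0
    for record in records:
        flagged = classify(record, baseline) is not None
        if record[4]:
            attacks += 1
            tp += flagged
        else:
            normals += 1
            fp += flagged
    return (tp / attacks if attacks else 0.0, fp / normals if normals else 0.0)

if __name__ == "__main__":
    print(evaluate(RECORDS, fit_baseline(TRAINING)))
```

The fifth record is missed and the sixth is a false alarm, which is why both indicators are reported together rather than detection rate alone.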