Industrial Internet intrusion detection method based on flow feature map and perception hash

Abstract

The invention provides an industrial Internet intrusion detection method based on a flow feature map and perception hash for mainly solving the problems of low detection performance and poor adaptability of the existing industrial Internet intrusion detection method. The industrial Internet intrusion detection method draws lessons from an image processing method and comprises the following steps: firstly obtaining a standard test bed experimental data set, performing feature selection by using an information entropy method to construct a flow feature vector, and performing a normalization operation on a part of attributes; then, converting the flow feature vector into a triangle area mapping matrix by using a multivariate correlation analysis method to construct the flow feature map; and finally, obtaining a hash abstract of the flow feature map by using an image perception hash algorithm based on discrete cosine transform SVD and singular value decomposition SVD, and generating an intrusion detection rule set in the form of a binary character string. Moreover, hash matching is performed by using an accurate matching method based on character strings, a similarity measurement method based on a normalized Hamming distance and a clustering analysis method based on a Euclidean distance so as to detect abnormal flow and malicious intrusion in the industrial Internet.

Description

technical field [0001] The invention belongs to the field of industrial Internet intrusion detection, and in particular relates to an industrial Internet intrusion detection method based on a traffic feature map and image perception hash, which is mainly used for intrusion detection of malicious attacks and abnormalities in the industrial Internet. Background technique [0002] Traditional industrial control systems (Industrial Control Network, ICS) are widely used in petrochemical, power and water conservancy, industrial production, nuclear energy and transportation and many other national key infrastructures. According to the ICS-CERT 2015 Security Situation Report analysis and statistics, more than 80% of the country's critical infrastructure relies on ICS to automate the production process. ICS plays a very important role in people's production and life, and the security of ICS directly affects national security and economic development. From the "Stuxnet" virus attacki...

AI Technical Summary

Problems solved by technology

[0009] To sum up, in view of the problems of low intrusion detection performance, poor adaptability, and algorithm time complexity that do not meet real-time requirements in existing industrial Internet intrusion detection methods, in order to mine the characteristics of traffic data between two pairs of attributes, image processing Research on the intrusion detection problem from the perspective of the method, and provide a real-time and efficient intrusion detection method

Images