Industrial control system intrusion attack and clue discovery method based on deep learning

Abstract

The invention provides an industrial control system intrusion attack and clue discovery method based on deep learning. Intrusion detection is part of the initial phase of an industrial control system security system. Due to the importance of an industrial control system, the decision of the professional of the security system is still the most important. Therefore, the role of simple intrusion alarms in the security system is very limited. An intrusion detection model based on deep learning is difficult to provide more information due to unexplained reasons thereof, which limits the application of a deep learning method in the field of industrial control network intrusion detection. Aiming at the limitation, the invention analyzes the distribution of classification related information and irrelevant information in each layer of a deep learning model from the perspective of information, so as to find the possibility that the hidden layer of a deep learning classification model can be analyzed. Finally, a hierarchical propagation method maps relevant information from the hidden layer to an input layer. Difficult-to-understand information is transformed into understandable information, which helps the professional to lock and process intrusion threats faster.

Description

technical field [0001] The invention relates to the technical field of industrial control networks, in particular to an industrial control anomaly detection and attack classification method based on deep learning. Background technique [0002] Industrial Control Systems (ICS) is an automatic control system composed of computer equipment and industrial process control components, which plays an important role in key infrastructure fields such as railways, petrochemicals and electric power. Industrial control network is an important carrier of message transmission in industrial control system. With the continuous improvement of industrial production technology and the continuous development of information technology, industrial development and information development interact and integrate with each other, and more and more information technology has been applied to the industrial field. At present, industrial control networks have been widely used in petrochemical, water pow...

AI Technical Summary

Problems solved by technology

[0003] Traditional industrial control networks have been used in internal LANs for a long time, and the operating environment is relatively single, so security issues are rarely considered in protocol formulation and actual deployment, resulting in many loopholes not being discovered in time and not being taken seriously

At the same time, due to the development of industry, the equipment of the industrial control network began to widely use the common software, hardware and network interfaces of the Internet. Generated data exchange, resulting in an increasingly open industrial control network

That is to say, the relative closedness of the previous industrial control network in the physical environment and the specificity of the software and hardware of the industrial control network will be broken, and it will be possible to obtain more detailed information about the relevant industrial control network through the Internet or the intranet of the enterprise. In addition, the security awareness of industrial control network operators who have been working in a secure environment for a long time is generally poor, and the industrial control network system is facing some traditional Internet security threats, such as worms, hackers, network attacks, viruses, etc.

Once the industrial control network is attacked, it will bring huge disasters to industrial production and even national interests.

At present, there are many highly automated and intelligent security systems that can automatically detect and prevent intrusions. However, the importance and particularity of industrial control networks prevent these systems from being successfully applied to industrial control network environments, because each The impact of intrusion on the industrial control system is fatal. Similarly, the impact of every false alarm or wrong response plan is also fatal, and the existing security system cannot guarantee 100% correct detection and correct response , so in practical applications, the last link in the security system of the industrial control system is always the security management experts, who ensure the normal operation of the industrial control system through human professional judgment, and correctly detect and eliminate threats

As the first link in the security system, the intrusion detection system is responsible for discovering intrusion behavior and issuing alarms. However, in actual scenarios, the alarm information of the intrusion detection system is often too simple, which makes it impossible for professionals to quickly locate the key information of the intrusion. , delaying the time to deal with the intrusion, if the intrusion detection system can provide more information about the intrusion, it will be of great help to shorten the time required to deal with the intrusion

Images