Industrial control system intrusion attack and clue discovery method based on deep learning

Abstract

The invention provides an industrial control system intrusion attack and clue discovery method based on deep learning. Intrusion detection is part of the initial phase of an industrial control system security system. Due to the importance of an industrial control system, the decision of the professional of the security system is still the most important. Therefore, the role of simple intrusion alarms in the security system is very limited. An intrusion detection model based on deep learning is difficult to provide more information due to unexplained reasons thereof, which limits the application of a deep learning method in the field of industrial control network intrusion detection. Aiming at the limitation, the invention analyzes the distribution of classification related information and irrelevant information in each layer of a deep learning model from the perspective of information, so as to find the possibility that the hidden layer of a deep learning classification model can be analyzed. Finally, a hierarchical propagation method maps relevant information from the hidden layer to an input layer. Difficult-to-understand information is transformed into understandable information, which helps the professional to lock and process intrusion threats faster.

Description

technical field [0001] The invention relates to the technical field of industrial control networks, in particular to an industrial control anomaly detection and attack classification method based on deep learning. Background technique [0002] Industrial Control Systems (ICS) is an automatic control system composed of computer equipment and industrial process control components, which plays an important role in key infrastructure fields such as railways, petrochemicals and electric power. Industrial control network is an important carrier of message transmission in industrial control system. With the continuous improvement of industrial production technology and the continuous development of information technology, industrial development and information development interact and integrate with each other, and more and more information technology has been applied to the industrial field. At present, industrial control networks have been widely used in petrochemical, water pow...

AI Technical Summary

Problems solved by technology

[0003] Traditional industrial control networks have been used in internal LANs for a long time, and the operating environment is relatively single, so security issues are rarely considered in protocol formulation and actual deployment, resulting in many loopholes not being discovered in time and not being taken seriously

At the same time, due to the development of industry, the equipment of the industrial control network began to widely use the common software, hardware and network interfaces of the Internet. Generated data exchange, resulting in an increasingly open industrial control network

That is to say, the relative closedness of the previous industrial control network in the physical environment and the specificity of the software and hardware of the industrial control network will be broken, and it will be possible to obtain more detailed information about the relevant industrial control network through the Internet or the intranet of the enterprise. In addition, the security awareness of industrial control network operators who have been working in a secure environment for a long time is generally poor, and the industrial control network system is facing some traditional Internet security threats, such as worms, hackers, network attacks, viruses, etc.

Once the industrial control network is attacked, it will bring huge disasters to industrial production and even national interests.

Images