Intrusion attack and clue discovery method of industrial control system based on deep learning

Abstract

Intrusion attack and clue discovery method of industrial control system based on deep learning. Intrusion detection is part of the initial phase of an industrial control system security system. Due to the importance of industrial control systems, the decisions of safety system professionals remain paramount. Therefore, the role of simple intrusion alarms in security systems is very limited, and intrusion detection models based on deep learning are difficult to provide more information due to their inexplicability, which limits the application of deep learning methods in the field of intrusion detection in industrial control networks . In response to this limitation, this paper analyzes the distribution of classification-related information and irrelevant information in each layer of deep learning models from the perspective of information, and finds the possibility that the hidden layers of deep learning classification models can be analyzed. Finally, the hierarchical propagation method can map relevant information from the hidden layer to the input layer, transforming difficult information into understandable information, helping professionals to locate and deal with intrusion threats faster.

Description

technical field [0001] The invention relates to the technical field of industrial control networks, in particular to an industrial control anomaly detection and attack classification method based on deep learning. Background technique [0002] Industrial Control Systems (ICS) is an automatic control system composed of computer equipment and industrial process control components, which plays an important role in key infrastructure fields such as railways, petrochemicals and electric power. Industrial control network is an important carrier of message transmission in industrial control system. With the continuous improvement of industrial production technology and the continuous development of information technology, industrial development and information development interact and integrate with each other, and more and more information technology has been applied to the industrial field. At present, industrial control networks have been widely used in petrochemical, water pow...

AI Technical Summary

Problems solved by technology

[0003] Traditional industrial control networks have been used in internal LANs for a long time, and the operating environment is relatively single, so security issues are rarely considered in protocol formulation and actual deployment, resulting in many loopholes not being discovered in time and not being taken seriously

At the same time, due to the development of industry, the equipment of the industrial control network began to widely use the common software, hardware and network interfaces of the Internet. Generated data exchange, resulting in an increasingly open industrial control network

That is to say, the relative closedness of the previous industrial control network in the physical environment and the specificity of the software and hardware of the industrial control network will be broken, and it will be possible to obtain more detailed information about the relevant industrial control network through the Internet or the intranet of the enterprise. In addition, the security awareness of industrial control network operators who have been working in a secure environment for a long time is generally poor, and the industrial control network system is facing some traditional Internet security threats, such as worms, hackers, network attacks, viruses, etc.

Once the industrial control network is attacked, it will bring huge disasters to industrial production and even national interests.

At present, there are many highly automated and intelligent security systems that can automatically detect and prevent intrusions. However, the importance and particularity of industrial control networks prevent these systems from being successfully applied to industrial control network environments, because each The impact of intrusion on the industrial control system is fatal. Similarly, the impact of every false alarm or wrong response plan is also fatal, and the existing security system cannot guarantee 100% correct detection and correct response , so in practical applications, the last link in the security system of the industrial control system is always the security management experts, who ensure the normal operation of the industrial control system through human professional judgment, and correctly detect and eliminate threats

As the first link in the security system, the intrusion detection system is responsible for discovering intrusion behavior and issuing alarms. However, in actual scenarios, the alarm information of the intrusion detection system is often too simple, which makes it impossible for professionals to quickly locate the key information of the intrusion. , delaying the time to deal with the intrusion, if the intrusion detection system can provide more information about the intrusion, it will be of great help to shorten the time required to deal with the intrusion

Images