Industrial control abnormal behavior detection method based on multiple machine learning algorithms

Abstract

The invention discloses an industrial control abnormal behavior detection method based on multiple machine learning algorithms. The method comprises the following steps of firstly, collecting and establishing flow data of a power generation distributed control system; respectively constructing a training sample set and a test sample set by adopting the calibrated flow data; carrying out multi-dimensional feature extraction and vectorization processing on the sample; then establishing a classification model based on multiple machine classification learning methods, finally collecting real-timeflow data of the power generation distributed control system and inputting the real-time flow data into the classification model, if an output classification result is malicious flow, judging that anindustrial control abnormal behavior occurs, and otherwise, judging that the industrial control abnormal behavior does not occur. According to the method, samples can be effectively classified and detected, the abnormal behavior problem existing in the industrial control system can be rapidly detected, and potential malicious and abnormal behaviors can be accurately identified.

Description

technical field [0001] The invention relates to the technical field of abnormal network traffic detection of industrial control systems, in particular to a method for detecting abnormal behavior of industrial control based on various machine learning algorithms. Background technique [0002] Industrial control system, referred to as industrial control system. At present, industrial control systems have been widely used in key infrastructures in many industries such as electric power, transportation, energy, intelligent machinery, bioengineering, aerospace, chemical industry, and finance. Industrial control systems have also become an important part of national key infrastructures. Therefore, the industrial control system plays a decisive role in the national economy and the people's livelihood, especially the power grid industrial control system. Every security incident will bring huge impact and harm. What's more serious is that because the industrial control system did no...

AI Technical Summary

Problems solved by technology

[0004] In addition, previous researchers mostly focused on traditional control systems such as SCADA systems and traditional control protocols, and there are still a lot of gaps in the research on abnormal behavior of industrial control networks. The multi-dimensional characteristics of the traffic, although the detection method using the traditional characteristics can achieve good results, but this relatively simple characteristic cannot fully describe the behavior of the industrial control system

At present, although some researchers have introduced its learning algorithm into industrial control malicious traffic detection and classification, most of them are limited to the realization of a single machine learning algorithm.

Images