A method for detecting abnormal behavior of industrial control based on multiple machine learning algorithms
A technology of machine learning and detection methods, applied in machine learning, instrumentation, computing, etc., can solve problems such as single feature, realize single machine learning algorithm, and cannot comprehensively describe industrial control systems, so as to improve accuracy and accurately detect industrial control abnormalities Behavior, the effect of improving effectiveness and feasibility
Active Publication Date: 2022-04-22
HENAN EPRI GAOKE GRP
View PDF6 Cites 0 Cited by
- Summary
- Abstract
- Description
- Claims
- Application Information
AI Technical Summary
Problems solved by technology
[0004] In addition, previous researchers mostly focused on traditional control systems such as SCADA systems and traditional control protocols, and there are still a lot of gaps in the research on abnormal behavior of industrial control networks. The multi-dimensional characteristics of the traffic, although the detection method using the traditional characteristics can achieve good results, but this relatively simple characteristic cannot fully describe the behavior of the industrial control system
At present, although some researchers have introduced its learning algorithm into industrial control malicious traffic detection and classification, most of them are limited to the realization of a single machine learning algorithm.
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View moreImage
Smart Image Click on the blue labels to locate them in the text.
Smart ImageViewing Examples
Examples
Experimental program
Comparison scheme
Effect test
Embodiment Construction
[0041] Such as figure 1 Shown, the present invention comprises the following steps:
[0042] A. Collect and calibrate the flow data of the power generation distributed control system; the collected flow data comes from the normal flow data of the power generation distributed control system under normal conditions and the abnormal flow data during the penetration test process, and the normal flow data is calibrated as normal flow , calibrate the abnormal flow data as abnormal flow;
[0043] B. Use the calibrated flow data to construct a training sample set and a test sample set respectively;
[0044] C. Multi-dimensional feature extraction and vectorization processing of samples: Multi-dimensional feature extraction, standardization processing and vectorization processing are performed on the samples in the training sample set and test sample set to form the feature vector set of the training sample set and the feature vector set of the test sample set , each feature vector i...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More PUM
Login to View More Abstract
The invention discloses a method for detecting abnormal behavior of industrial control based on various machine learning algorithms. Firstly, the flow data of the distributed control system of power generation is collected and calibrated, and then the calibrated flow data are used to respectively construct a training sample set and a test sample set, and then The samples are subjected to multi-dimensional feature extraction and vectorization processing, and then a classification model based on a variety of machine classification learning methods is established. Finally, the real-time traffic data of the power generation distributed control system will be collected and input into the classification model. If the output classification result is malicious traffic, then It is determined that industrial control abnormal behavior occurs, otherwise, it is determined that industrial control abnormal behavior does not occur; the invention can effectively classify and detect samples, quickly detect abnormal behavior problems existing in industrial control systems, and accurately identify potential malicious and abnormal behaviors.
Description
technical field [0001] The invention relates to the technical field of abnormal network traffic detection of industrial control systems, in particular to a method for detecting abnormal behavior of industrial control based on various machine learning algorithms. Background technique [0002] Industrial control system, referred to as industrial control system. At present, industrial control systems have been widely used in key infrastructures in many industries such as electric power, transportation, energy, intelligent machinery, bioengineering, aerospace, chemical industry, and finance. Industrial control systems have also become an important part of national key infrastructures. Therefore, the industrial control system plays a decisive role in the national economy and the people's livelihood, especially the power grid industrial control system. Every security incident will bring huge impact and harm. What's more serious is that because the industrial control system did no...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More Application Information
Patent Timeline
Login to View More Patent Type & Authority Patents(China)
IPC IPC(8): H04L9/40G06N20/00H04L41/14
CPCH04L63/1425G06N20/00H04L41/145
Inventor 何熹刘涛张黎王伟
Owner HENAN EPRI GAOKE GRP