Industrial control intrusion detection method based on multi-classification GoogLeNet-LSTM model

Abstract

The invention discloses an industrial control intrusion detection method based on a multi-classification GoogLeNet-LSTM model. The industrial control intrusion detection method comprises the steps: firstly carrying out the classification of network packages for an industrial control communication process employing a Modbus protocol; then, detecting the network packets without information by usinga feature template comparison method; for a network packet carrying information, constructing a time sequence detection sequence by using original network packets, carrying out one-hot coding on eachnetwork packet, carrying out feature extraction by using GoogLeNet, and inputting an obtained feature vector sequence into an LSTM network based on an attention mechanism to carry out time sequence detection to obtain a detection result; and designing a detection result multi-classification method, and outputting specific intrusion categories by using two detection methods. The industrial controlintrusion detection method has universality, and has the characteristics of high detection precision and strong real-time performance for different types of invasion.

Description

technical field [0001] The invention is applied to the security field in the industrial control system, and particularly relates to an industrial control intrusion detection method aimed at the communication process using the Modbus protocol. Background technique [0002] The industrial control system (Industrial Control System, ICS) is composed of various automatic control components and process control components for real-time data collection and monitoring, and realizes functions such as data collection and processing, monitoring, remote communication and maintenance. With the development of the industrial level and the advancement of informatization, industrial control components are characterized by wide distribution and large quantities. In order to achieve stable communication and centralized management among components, ICS uses more and more public software and communication protocols, which exposes a large number of security holes in the system and faces more and m...

AI Technical Summary

Problems solved by technology

However, different network structures have their own advantages and disadvantages when used alone in industrial control intrusion detection. The traditional detection method based on convolutional neural networks (CNN) has strong feature learning ability, but cannot perform timing detection. Many intrusion Behaviors are difficult to detect; traditional intrusion detection methods based on long-short-term memory (LSTM) networks, although they can take advantage of the timing relationship between network packets, rely heavily on feature extraction methods and have poor performance when dealing with long-sequence tasks , a higher false positive rate

Images