Industrial control system intrusion detection method based on small sample learning

A technology for industrial control systems and intrusion detection, applied in neural learning methods, transmission systems, machine learning, etc., that addresses problems such as being unable to distinguish samples of new attack types, complex structures, and difficulty in detecting attack types.

Active Publication Date: 2020-11-13
SICHUAN UNIV

AI Technical Summary

Problems solved by technology

[0005] (1) Long-term training is required before detecting a specific attack, and it is difficult to cope with the real-time changing industrial control system environment;
[0006] (2) It can only effectively detect attack types with a large number of malicious samples for training, and it is difficult to detect those attack types with only a small number of samples;
[0007] (3) It can only distinguish between normal samples and abnormal samples, and cannot further distinguish new attack samples.
[0009] 1. The detection method using traditional machine learning technology needs to be trained with a large number of similar samples to learn the potential characteristics of this type of attack, and due to the huge number of samples in the training phase, it takes a long time;
[0010] 2. In order to learn the potential features in the attack data, traditional machine learning methods usually use unimproved deep neural networks with complex structures. When the sample size is small, traditional machine learning methods tend to overfit. Therefore, small sample attacks cannot be effectively detected;
[0011] 3. The traditional detection method does not consider the acquisition of new attack samples. Therefore, it is usually a binary classification model, that is, only normal samples and abnormal samples are distinguished, and abnormal samples are not further classified.


Examples


Embodiment 1

[0084] The present invention designs an industrial control system intrusion detection method based on small sample learning, comprising the following steps:

[0085] 1) Data set division. The three different types of samples of the original data set extracted from the data flow of the industrial control system are divided into a detection model training set and a basic model training set. The three different types of samples are normal samples, common attack samples and new attack samples;

[0086] 2) Continuous data processing: use Principal Component Analysis (PCA) to reduce the dimensionality of the data matrix constructed from the continuous features of the data samples in the basic model training set and the detection model training set;

[0087] 3) Discrete data processing: use the one-hot encoding method for the basic model training set and the detection model training set of data samples. A data matrix composed of discrete features proce...

Embodiment 2

[0093] This embodiment is further optimized on the basis of the above embodiments, and the parts that are the same as the aforementioned technical solutions are not repeated here. Further, to better realize the present invention, the following arrangement is adopted in particular: step 1) is specifically as follows. The original data set, containing three different types of samples (a large number of normal samples of the normal type, common attack samples of at least 3 common attack types, and new attack samples of a new attack type ( )), is divided in the following way to obtain the detection model training set and the basic model training set:

[0094] 1.1) Extract samples from the normal samples and from the common attack samples of a common attack type to be detected; together with new attack samples, they constitute the detection model training set;

[0095] 1.2) The remaining normal samples and common attack samples of common attack types are used to form the basic model training set.

Embodiment 3

[0097] This embodiment is further optimized on the basis of any of the above embodiments, and the parts that are the same as the aforementioned technical solutions are not repeated here. Further, to better realize the present invention, the following arrangement is adopted in particular: the specific steps of step 2) are:

[0098] 2.1) Use the z-score standardization method for the basic model training set and the detection model training set of data samples A data matrix composed of continuous features For preprocessing, the data matrix B in the column data data According to formula (1), it is transformed into :

[0099] (1),

[0100] in, , respectively represent the The mean and standard deviation of the column data;

[0101] 2.2) After preprocessing, calculate the data matrix according to formula (2) The optimal eigenmatrix of :

[0102] (2),

[0103] in, is the data matrix The characteristic matrix of the dimension is ...


Abstract

The invention discloses an industrial control system intrusion detection method based on small sample learning. The method comprises the following steps: dividing an original data set extracted from industrial control system network traffic into a detection model training set and a basic model training set; performing dimension reduction on continuous data matrixes in the basic model training set and the detection model training set by using a principal component analysis method; encoding discrete data matrixes in the basic model training set and the detection model training set by using a one-hot encoding method; constructing a small sample training task required by basic model training by using the processed basic model training set; training a basic model based on a convolutional neural network by means of the constructed small sample training task; based on the trained basic model, using the processed detection model training set for further training, and obtaining a detection model. By means of the center vectors of three different types of samples of the original data set, real-time and effective detection of potential attacks in the network data flow is achieved.
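The data set division, the z-score and one-hot preprocessing, and the center-vector detection described in the abstract, as an added example that is not code from the patent. It replaces the convolutional base model with the identity embedding and omits PCA; the feature values, protocol names, the per-type count `k` and the Euclidean distance are assumptions.

```python
import math
import random

PROTOCOLS = ["modbus", "dnp3", "s7"]  # constructed values of one discrete feature
def make(label, centre, proto, n, rng):  # constructed flows: (continuous, protocol, label)
    return [([rng.gauss(c, 0.3) for c in centre], proto, label) for _ in range(n)]

def divide(samples, k, rng):
    """Step 1: k samples per type form the detection set, the rest the base set."""
    detection, base = [], []
    for label in ("normal", "common_attack", "new_attack"):
        group = [s for s in samples if s[2] == label]
        rng.shuffle(group)
        detection += group[:k]
        if label != "new_attack":  # new attack samples never enter the base set
            base += group[k:]
    return detection, base

def fit_zscore(samples):  # per-column mean and standard deviation
    cols = list(zip(*(s[0] for s in samples)))
    means = [sum(c) / len(c) for c in cols]
    stds = [math.sqrt(sum((x - m) ** 2 for x in c) / len(c)) or 1.0 for c, m in zip(cols, means)]
    return means, stds

def encode(sample, means, stds):  # z-score the continuous part, one-hot the discrete part
    z = [(x - m) / s for x, m, s in zip(sample[0], means, stds)]
    return z + [1.0 if sample[1] == p else 0.0 for p in PROTOCOLS]

def centre_vectors(detection, means, stds):
    """Mean encoded vector of each sample type in the detection set."""
    groups = {}
    for s in detection:
        groups.setdefault(s[2], []).append(encode(s, means, stds))
    return {lab: [sum(c) / len(v) for c in zip(*v)] for lab, v in groups.items()}

def classify(sample, centres, means, stds):
    return min(centres, key=lambda lab: math.dist(encode(sample, means, stds), centres[lab]))

def demo(seed=7, k=5):
    rng = random.Random(seed)
    data = (make("normal", [10.0, 1.0], "modbus", 200, rng)
            + make("common_attack", [40.0, 6.0], "modbus", 60, rng)
            + make("new_attack", [25.0, 12.0], "dnp3", k, rng))
    detection, base = divide(data, k, rng)
    means, stds = fit_zscore(detection + base)
    centres = centre_vectors(detection, means, stds)
    probes = make("new_attack", [25.0, 12.0], "dnp3", 20, rng)  # unseen flows
    hits = sum(classify(p, centres, means, stds) == "new_attack" for p in probes)
    return len(detection), len(base), hits / len(probes)
```

`demo()` returns the detection-set size, the base-set size and the fraction of unseen new-attack flows assigned to the new-attack center, which is built from only `k` samples.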

Description

Technical field

[0001] The invention relates to the technical field of intrusion detection for industrial control systems, in particular to an intrusion detection method for industrial control systems based on small sample learning.

Background technique

[0002] The industrial control system is used to support the interconnection and communication between the various components in the industrial production process, and to ensure the stable and orderly progress of the industrial production process. Most of the early industrial production processes only involved communication between small-scale and dedicated hardware. Therefore, traditional industrial control systems are naturally closed. Except for internal system failures, there is no need to worry about large-scale network attacks. However, with the development of Internet information technology, technologies such as Information and Communications Technology (ICT), automation, distributed control, wide-area monitoring and ...


Application Information

IPC(8): G06F21/55, G06K9/62, G06N3/04
CPC: G06F21/55, G06N3/045, G06F18/241, G06F18/214, H04L63/1425, G06N3/08, G06N20/00
Inventor: 李贝贝, 欧阳远凯, 马小霞, 兰小龙, 赵亮, 杨进
Owner SICHUAN UNIV