Industrial control system intrusion detection method based on small sample learning

A technology for industrial control systems and intrusion detection, applied in neural learning methods, transmission systems, machine learning, etc., can solve problems such as samples that cannot distinguish new types of attacks, complex structures, and difficulty in detecting attack types

Active Publication Date: 2020-11-13
SICHUAN UNIV
View PDF8 Cites 5 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] (1) Long-term training is required before detecting a specific attack, and it is difficult to cope with the real-time changing industrial control system environment;
[0006] (2) It can only effectively detect attack types with a large number of malicious samples for training, and it is difficult to detect those attack types with only a small number of samples;
[0007] (3) It can only distinguish between normal samples and abnormal samples, and cannot further distinguish new attack samples
[0009] 1. The detection method using traditional machine learning technology needs to be trained with a large number of similar samples to learn the potential characteristics of this type of

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Industrial control system intrusion detection method based on small sample learning

Examples

Experimental program
Comparison scheme
Effect test

Example Embodiment

[0083] Example 1:

[0084] The present invention is an industrial control system designed small sample learning based intrusion detection method, comprising the steps of:

[0085] Three different types of sample into 1) the data set is divided, from industrial control systems to extract data traffic to the original data set to detect a model train set and the base model train sets, three different types of samples were normal samples, common assault samples and samples of new attacks;

[0086] 2) continuous data processing, the use of principal component analysis (Principal Component Analysis, PCA) model based on the training set, the model training set is detected Data samples Dimensional concrete characteristics of data matrix Detecence;

[0087] 3) Discrete data processing, using a single-hot encoding method for the basic model training set, detection model training set Data sample Data matrix composed of scattered characteristics Treatment;

[0088] 4) After the small sam...

Example Embodiment

[0092] Example 2:

[0093] This embodiment is further optimized on the basis of the above embodiment, and will not be described herein with the foregoing technical scheme, further, in particular, the present invention is preferred, and the following arrangement is specifically described. To: will include a large number of normal types of normal types, at least three common attack samples for common attack types and New attack samples for new attack types ( The original data set of three different types of samples is divided into the detection model training set and the basic model training set as follows:

[0094] 1.1) From the normal sample, some common attack samples to be detected are separately extracted Sample, with A new attack sample composition detection model training set;

[0095] 1.2) Composition of the remaining normal samples and common attack samples of the common attack types.

Example Embodiment

[0096] Example 3:

[0097] The present embodiment is further optimized based on any of the above embodiments, and will not be described herein herein, and further refer to the present invention, in particular, in particular, the following arrangement mode: The step 2 The specific steps are:

[0098] 2.1) Use the Z-Score standardization method to the basic model training set, detection model training set Data sample Dimensional characteristic data matrix Preprocessing, data matrix B The column data Data Based on (1) :

[0099] (1),

[0100] in, , Representative The average and standard deviation of column data;

[0101] 2.2) After pretreatment, the data matrix is ​​calculated according to (2). Optimal feature matrix :

[0102] (2),

[0103] in, Data matrix Feature matrix, its dimension , Data matrix Co-difference matrix, its dimension is ;

[0104] 2.3) According to the (3) Dimensional data matrix Drop Dimensional :

[0105] (3),

[0106] in, Matrix by...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses an industrial control system intrusion detection method based on small sample learning. The method comprises the following steps: dividing an original data set extracted from industrial control system network traffic into a detection model training set and a basic model training set; performing dimension reduction on continuous data matrixes in the basic model training setand the detection model training set by using a principal component analysis method; encoding discrete data matrixes in the basic model training set and the detection model training set by using a one-hot encoding method; constructing a small sample training task required by basic model training by using the processed basic model training set; training a basic model based on a convolutional neuralnetwork by means of the constructed small sample training task; based on the trained basic model, using the processed detection model training set for further training, and obtaining a detection model. By means of the center vectors of three different types of samples of the original data set, real-time and effective detection of potential attacks in the network data flow is achieved.

Description

technical field [0001] The invention relates to the technical field of intrusion detection for industrial control systems, in particular to an intrusion detection method for industrial control systems based on small sample learning. Background technique [0002] The industrial control system is used to support the interconnection and communication between the various components in the industrial production process, and to ensure the stable and orderly progress of the industrial production process. Most of the early industrial production processes only involved communication between small-scale and dedicated hardware. Therefore, traditional industrial control systems are naturally closed. Except for internal system failures, there is no need to worry about large-scale network attacks. However, with the development of Internet information technology, technologies such as Information and Communications Technology (ICT), automation, distributed control, wide-area monitoring and ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): G06F21/55G06K9/62G06N3/04
CPCG06F21/55G06N3/045G06F18/241G06F18/214H04L63/1425G06N3/08G06N20/00
Inventor 李贝贝欧阳远凯马小霞兰小龙赵亮杨进
Owner SICHUAN UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap