SHENYANG INSTITUTE OF AUTOMATION, CHINESE ACADEMY OF SCIENCES
Proposed is an anomaly detection method for communication behaviours in an industrial control system, based on the one-class support vector machine (OCSVM) algorithm. According to the present invention, a normal behaviour profile model and an abnormal behaviour profile model, i.e. a dual-profile model, of communication behaviours in an industrial control system are established; parameter optimisation is performed by means of a particle swarm optimisation (PSO) algorithm; an optimal intrusion detection model is obtained; and abnormal Modbus TCP communication traffic is identified. According to the present invention, the false alarm rate is reduced by means of cooperative discrimination by the dual-profile model, the efficiency and reliability of anomaly detection are improved, and the method is better suited to practical applications.