SIA OpenIR  > 工业控制网络与系统研究室
基于半监督分簇策略的工控入侵检测
Alternative TitleIntrusion Detection of Industrial Control Based on Semi-supervised Clustering Strategy
崔君荣; 尚文利; 万明; 赵剑明; 苑薇薇; 曾鹏
Department工业控制网络与系统研究室
Source Publication信息与控制
ISSN1002-0411
2017
Volume46Issue:4Pages:462-468 
Indexed ByCSCD
CSCD IDCSCD:6065030
Contribution Rank1
Funding Organization国家863高技术计划资助项目(2015AA043901)
Keyword工业控制系统 Modbus通信协议 入侵检测 半监督 模糊c均值聚类 支持向量机
Abstract为解决病毒、木马攻击工业控制系统应用层网络协议的问题,分析了Modbus/TCP通信协议的规则,提出了一种基于聚类和支持向量机的半监督分簇策略,该策略将无监督的模糊C均值聚类(fuzzy C-means,FCM)和有监督的支持向量机(support vector machine,SVM)相结合,实现了工控异常检测的半监督机器学习。首先提取工业控制系统Modbus/TCP协议的通信流量数据,对其进行数据预处理,然后利用模糊C均值聚类得到聚类中心,计算通信数据与聚类中心的距离,将满足阈值条件的部分数据进一步由遗传算法(genetic algorithm,GA)优化的支持向量机分类.实验结果表明,与传统的入侵检测方法相比,该方法将无监督学习和有监督学习完美结合,并且在不需要提前知道类别标签的前提下即可有效地降低训练时间,提高分类精度。
Other AbstractIn order to solve the problem of virus and Trojan attacking the application layer network protocol of industrial control system, we analyze the rule of Modbus/TCP communication protocol and propose a semi-supervised clustering strategy based on clustering and support vector machine. This strategy combines unsupervised fuzzy C-Means (FCM) and supervised support vector machine (SVM) to realize the semi-supervised machine learning of industrial anomaly detection. Firstly, we extract the communication flow data of the Modbus/TCP protocol of the industrial control system, and preprocess the data. Then we obtain the clustering center by fuzzy C-means clustering. We calculate the distance between the communication data and the clustering center. Partial data satisfying the threshold condition are further classified by support vector machines optimized by genetic algorithms. The experimental results show that compared with the traditional intrusion detection method, this method can combine the unsupervised learning and supervised learning, and can reduce the training time and improve the classification accuracy without knowing the category tag in advance.
Language中文
Citation statistics
Cited Times:3[CSCD]   [CSCD Record]
Document Type期刊论文
Identifierhttp://ir.sia.cn/handle/173321/20971
Collection工业控制网络与系统研究室
Corresponding Author尚文利
Affiliation1.沈阳理工大学自动化与电气工程学院
2.中国科学院沈阳自动化研究所
3.中科院网络化控制系统重点实验室
Recommended Citation
GB/T 7714
崔君荣,尚文利,万明,等. 基于半监督分簇策略的工控入侵检测[J]. 信息与控制,2017,46(4):462-468 .
APA 崔君荣,尚文利,万明,赵剑明,苑薇薇,&曾鹏.(2017).基于半监督分簇策略的工控入侵检测.信息与控制,46(4),462-468 .
MLA 崔君荣,et al."基于半监督分簇策略的工控入侵检测".信息与控制 46.4(2017):462-468 .
Files in This Item: Download All
File Name/Size DocType Version Access License
基于半监督分簇策略的工控入侵检测.pdf(1633KB)期刊论文作者接受稿开放获取ODC PDDLView Download
Related Services
Recommend this item
Bookmark
Usage statistics
Export to Endnote
Google Scholar
Similar articles in Google Scholar
[崔君荣]'s Articles
[尚文利]'s Articles
[万明]'s Articles
Baidu academic
Similar articles in Baidu academic
[崔君荣]'s Articles
[尚文利]'s Articles
[万明]'s Articles
Bing Scholar
Similar articles in Bing Scholar
[崔君荣]'s Articles
[尚文利]'s Articles
[万明]'s Articles
Terms of Use
No data!
Social Bookmark/Share
File name: 基于半监督分簇策略的工控入侵检测.pdf
Format: Adobe PDF
All comments (0)
No comment.
 

Items in the repository are protected by copyright, with all rights reserved, unless otherwise indicated.