SIA OpenIR  > 工业控制网络与系统研究室
工控通信行为的自编码特征降维和双轮廓模型异常检测方法
Alternative TitleMethod of Auto-encoder Feature Reduction and Double-model Anomaly Detection on Industrial Control Network Behavior
尚文利1,3,4; 闫腾飞1,2,4; 赵剑明1,3,4; 乔枫2; 曾鹏1,3,4
Department工业控制网络与系统研究室
Source Publication小型微型计算机系统
ISSN1000-1220
2018
Volume39Issue:7Pages:1405-1409
Indexed ByCSCD
CSCD IDCSCD:6279242
Contribution Rank1
Funding Organization国家自然科学基金面上项目(61773368)资助 ; 预研基金项目(6140242010116Zk63001)资助
Keyword工业控制系统 异常检测 单类支持向量机 双轮廓模态 自编码网络 特征降维
Abstract

针对工控网络异常行为与入侵行为的差异性,为降低漏报率和误报率并且为提高异常检测的准确率,提出基于单类支持向量机的双轮廓模型异常检测方法,模拟工控系统通讯的正常模态和异常模态,通过协同判别机制实现工控系统网络的异常检测.同时,为减小单类支持向量机建模时间与检测时间,选取自编码网络对提取的网络流量数据进行输入自变量降维和压缩处理,并且抑制了单类支持向量机模型的过拟合现象.基于自编码网络的单类支持向量机双轮廓模型的异常检测方法,通过对模型的仿真验证,可以看出工控系统漏报率和误报率明显降低,检测时间有所缩短,对工控系统异常检测的研究有较大的应用价值.

Other Abstract

Aimming at the difference between the abnormal behavior and the intrusion behavior of the industrial control network,in order to reduce the rate of missing report and false alarm rate,improve the accuracy of abnormal detection,an anomaly detection method for double contour model based on OCSVM is proposed. This model simulates the normal mode and abnormal mode of the communication of the industrial control system. Meanwhile,in order to reduce OCSVM modeling time and detection time,we select the auto-encoder network to reduce the input dimension of the network traffic data,and carry out the compression processing. Through the simulation and validation of the model,it can be seen that the rate of failure to report and the rate of misreporting in the industrial control system is obviously reduced. The research on abnormal detection of industrial control system has great application value.

Language中文
Citation statistics
Document Type期刊论文
Identifierhttp://ir.sia.cn/handle/173321/22338
Collection工业控制网络与系统研究室
Corresponding Author尚文利
Affiliation1.中国科学院沈阳自动化研究所
2.中国科学院大学
3.中国科学院网络化控制系统重点实验室
4.沈阳建筑大学信息与控制工程学院
Recommended Citation
GB/T 7714
尚文利,闫腾飞,赵剑明,等. 工控通信行为的自编码特征降维和双轮廓模型异常检测方法[J]. 小型微型计算机系统,2018,39(7):1405-1409.
APA 尚文利,闫腾飞,赵剑明,乔枫,&曾鹏.(2018).工控通信行为的自编码特征降维和双轮廓模型异常检测方法.小型微型计算机系统,39(7),1405-1409.
MLA 尚文利,et al."工控通信行为的自编码特征降维和双轮廓模型异常检测方法".小型微型计算机系统 39.7(2018):1405-1409.
Files in This Item: Download All
File Name/Size DocType Version Access License
工控通信行为的自编码特征降维和双轮廓模型(844KB)期刊论文出版稿开放获取CC BY-NC-SAView Download
Related Services
Recommend this item
Bookmark
Usage statistics
Export to Endnote
Google Scholar
Similar articles in Google Scholar
[尚文利]'s Articles
[闫腾飞]'s Articles
[赵剑明]'s Articles
Baidu academic
Similar articles in Baidu academic
[尚文利]'s Articles
[闫腾飞]'s Articles
[赵剑明]'s Articles
Bing Scholar
Similar articles in Bing Scholar
[尚文利]'s Articles
[闫腾飞]'s Articles
[赵剑明]'s Articles
Terms of Use
No data!
Social Bookmark/Share
File name: 工控通信行为的自编码特征降维和双轮廓模型异常检测方法.pdf
Format: Adobe PDF
All comments (0)
No comment.
 

Items in the repository are protected by copyright, with all rights reserved, unless otherwise indicated.