Intrusion Detection Algorithm for Industrial Control Systems Based on an Optimized One-Class Support Vector Machine
Intrusion Detection Algorithm Based on Optimized One-class Support Vector Machine for Industrial Control System
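Abstract
Anomaly detection based on communication behavior is a difficult problem in intrusion detection for industrial control systems. By using the particle swarm optimization (PSO) algorithm to optimize the parameters of the one-class support vector machine (OCSVM) algorithm, a PSO-OCSVM algorithm is proposed. The algorithm builds an intrusion detection model of normal communication behavior from normal Modbus function code sequences and identifies abnormal Modbus TCP communication traffic. Comparative simulation analysis shows that the PSO-OCSVM algorithm meets the requirements of efficiency, reliability and real-time performance that communication anomaly detection in industrial control systems demands.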
Abstract in other language
The detection of anomalous communication behavior is a challenging problem with respect to detecting intrusions in industrial control systems. We utilize the particle swarm optimization (PSO) algorithm to optimize the parameters of the one-class support vector machine (OCSVM), and further propose the PSO-OCSVM algorithm. According to the function codes of the standard Modbus transmission control protocol (TCP), we developed an intrusion detection model of normal communication behavior to enable the identification of abnormal Modbus TCP communication. A comparison and analysis of the simulation confirms that the proposed algorithm is demonstrably efficient, reliable, and operates in real-time, and thus has the potential to meet the requirements of anomaly detection in industrial control systems.
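Source: 信息与控制 (Information and Control), 2015, 44(6): 678-684 [Core collection]
DOI: 10.13976/j.cnki.xk.2015.0678
Keywords: one-class support vector machine; intrusion detection; Modbus function code; particle swarm optimization
Address: Shenyang Institute of Automation, Chinese Academy of Sciences, Shenyang, Liaoning, 110016
Language: Chinese
Document type: Research article
ISSN: 1002-0411
Subject: Automation technology, computer technology
Funding: Project supported by the National Natural Science Foundation of China; independent research project of the Key Laboratory of Networked Control Systems, Chinese Academy of Sciences
Accession number: CSCD:5630309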