基于卷积神经网络的工控网络异常流量检测

doi:10.11772/j.issn.1001-9081.2018091928

计算机应用 ›› 2019, Vol. 39 ›› Issue (5): 1512-1517.DOI: 10.11772/j.issn.1001-9081.2018091928

• 应用前沿、交叉与综合 • 上一篇下一篇

基于卷积神经网络的工控网络异常流量检测

张艳升^1,2, 李喜旺², 李丹³, 杨华^1,2

1. 中国科学院大学, 北京 100049;
2. 中国科学院沈阳计算技术研究所, 沈阳 110168;
3. 国家电网公司东北电力调控分中心, 沈阳 110180

收稿日期:2018-09-17 修回日期:2018-12-07 出版日期:2019-05-10 发布日期:2019-05-14
通讯作者: 张艳升
作者简介:张艳升(1993-),男,山东潍坊人,硕士研究生,主要研究方向:电力大数据、机器学习;李喜旺(1977-),男,河南安阳人,研究员,硕士,主要研究方向:电力大数据、人工智能、区块链;李丹(1978-),男,辽宁丹东人,高级工程师,博士,主要研究方向:调度自动化、智能优化;杨华(1994-),男,山东泰安人,硕士研究生,主要研究方向:机器学习、自然语言处理。
基金资助:
国家科技重大专项（2017ZX01030-201）。

Abnormal flow monitoring of industrial control network based on convolutional neural network

ZHANG Yansheng^1,2, LI Xiwang², LI Dan³, YANG Hua^1,2

1. University of Chinese Academy of Sciences, Beijing 100049, China;
2. Shenyang Institute of Computing Technology, Chinese Academy of Sciences, Shenyang Liaoning 110168, China;
3. Electric Power Control Northeast Branch Center, State Grid Corporation of China, Shenyang Liaoning 110180, China

Received:2018-09-17 Revised:2018-12-07 Online:2019-05-10 Published:2019-05-14
Supported by:
This work is partially supported by National Science and Technology Major Project (2017ZX01030-201).

摘要/Abstract

摘要： 针对工控系统中传统的异常流量检测模型在识别异常上准确率不高的问题，提出一种基于卷积神经网络（CNN）的异常流量检测模型。该模型以卷积神经网络算法为核心，主要由1个卷积层、1个全连接层、1个dropout层以及1个输出层构成。首先，将实际采集的网络流量特征数值规约到与灰度图像素值相对应的范围内，生成网络流量灰度图；然后，将生成好的网络流量灰度图输入到设计好的卷积神经网络结构中进行训练和模型调优；最后，将训练好的模型用于工控网络异常流量检测。实验结果表明，所提模型识别精度达到97.88%，且与已有的精度最高反向传播（BP）神经网络测精度提高了5个百分点。

关键词: 卷积神经网络, 异常流量监测, 工控网络, 特征提优, 深度学习

Abstract: Aiming at the inaccuracy of traditional abnormal flow detection model in the industrial control system, an abnormal flow detection model based on Convolutional Neural Network (CNN) was proposed. The proposed model was based on CNN algorithm and consisted of a convolutional layer, a full connection layer, a dropout layer and an output layer. Firstly, the actual collected network flow characteristic values were scaled to a range corresponding to the grayscale pixel values, and the network flow grayscale map was generated. Secondly, the generated network traffic grayscale image was put into the designed convolutional neural network structure for training and model tuning. Finally, the trained model was used to the abnormal flow detection of the industrial control network. The experimental results show that the proposed model has a recognition accuracy of 97.88%, which is 5 percentage points higher than that of Back Propagation (BP) neural network with the existing highest accuracy.

Key words: Convolutional Neural Network (CNN), abnormal flow monitoring, industrial control network, feature optimization, deep learning

中图分类号:

TP301.6

张艳升, 李喜旺, 李丹, 杨华. 基于卷积神经网络的工控网络异常流量检测[J]. 计算机应用, 2019, 39(5): 1512-1517.

ZHANG Yansheng, LI Xiwang, LI Dan, YANG Hua. Abnormal flow monitoring of industrial control network based on convolutional neural network[J]. Journal of Computer Applications, 2019, 39(5): 1512-1517.

参考文献

[1] 蒲晓川.大数据环境下的网络流量异常检测研究[J].现代电子技术,2018,41(3):84-87.(PU X C. Research on network traffic anomaly detection in large data environment[J]. Modern Electronic Technique, 2008,41(3):84-87.)
[2] 许晓东,杨燕,李刚.基于K-means聚类的网络流量异常检测[J].无线通信技术,2013,22(4):21-26.(XU X D, YANG Y, LI G. Network traffic anomaly detection based on K-means clustering[J].Wireless Communication Technology,2013,22(4):21-26.)
[3] 李洪成,吴晓平,姜洪海.基于改进聚类分析的网络流量异常检测方法[J].网络与信息安全学报,2015,1(1):66-71.(LI H C, WU X P, JIANG H H. Traffic anomaly detection method in networks based on improved clustering algorithm[J]. Chinese Journal of Network and Information Security,2015,1(1):66-71.)
[4] KRIZHEVSKY A, SUTSKEVER I, HINTON G. ImageNet classification with deep convolutional neural networks[C]// Proceedings of the 25th International Conference on Neural Information Processing Systems. Lake Tahoe, Nevada: Curran Associates Inc., 2012: 1097-1105.
[5] REN S, HE K, GIRSHICK R, et al. Faster R-CNN: towards real-time object detection with region proposal networks[J]. IEEE Transactions on Pattern Analysis and Machine Intelligence, 2017, 39(6): 1137-1149.
[6] 李勤,师维,孙界平,等.基于卷积神经网络的网络流量识别技术研究[J].四川大学学报(自然科学版),2017,54(5):959-964.(LI Q, SHI W, SUN J P, et al. The research of network traffic identification based on convolutional neural network[J]. Journal of Sichuan University (Natural Science Edition),2017,54(5):959-964.)
[7] 王海凤. 工业控制网络的异常检测与防御资源分配研究[D].杭州: 浙江大学,2014.(WANG H F. Research on anomaly detection and defense resource allocation of industrial control network[D]. Hangzhou: Zhejiang University, 2014.)
[8] 李彦冬,郝宗波,雷航.卷积神经网络研究综述[J].计算机应用,2016,36(9):2508-2515.(LI Y D, HAO Z B, LEI H. Review of convolutional neural network[J]. Journal of Computer Applications,2016,36(9):2508-2515.)
[9] 杨斌,钟金英.卷积神经网络的研究进展综述[J].南华大学学报(自然科学版),2016,30(3):66-72.(YANG B, ZHONG J Y. Review of convolution neural network[J]. Journal of South China University: Natural Science Edition, 2016, 30(3):66-72.)
[10] 常亮,邓小明,周明全,等.图像理解中的卷积神经网络[J].自动化学报,2016,42(9):1300-1312.(CHANG L, DENG X M, ZHOU M Q, et al. Convolution neural network in image comprehension[J]. Acta Automatica Sinica, 2016,42(9):1300-1312.)
[11] 张顺,龚怡宏,王进军.深度卷积神经网络的发展及其在计算机视觉领域的应用[J/OL].计算机学报,2017:1-29[2018-09-10].http://kns.cnki.net/kcms/detail/11.1826.TP.20170918.2025.006.html.(ZHANG S, GONG Y H, WANG J J. The depth of the convolution of the neural network development and its application in the field of computer vision[J/OL]. Chinese Journal of Computers, 2017:1-29[2018-09-10]. http://kns.cnki.net/kcms/detail/11.1826.TP.20170918.2025.006.html.)
[12] COELLO C C A, BECERRA R L. Constrained optimization using an evolutionary programming-based cultural algorithm[M]// Adaptive Computing in Design and Manufacture V.Berlin:Springer,2002:317-328.
[13] 李理,应三丛.基于FPGA的卷积神经网络Softmax层实现[J].现代计算机(专业版),2017(26):21-24.(LI L, Y S C. Softmax layer implementation of neural network based on FPGA[J]. Modern Computer: Professional Edition, 2017(26):21-24.)
[14] 吕国豪,罗四维,黄雅平,等.基于卷积神经网络的正则化方法[J].计算机研究与发展,2014,51(9):1891-1900.( LYU G H, LUO S W, HUANG Y P, et al. A novel regularization method based on convolution neural network[J]. Journal of Computer Research and Development, 2014,51(9):1891-1900.)
[15] 王功鹏,段萌,牛常勇.基于卷积神经网络的随机梯度下降算法[J].计算机工程与设计,2018,39(2):441-445.(WANG G P, DUAN M, NIU C Y. Stochastic gradient descent algorithm based on convolution neural network[J]. Computer Engineering and Design, 2008, 39(2):441-445.

基于卷积神经网络的工控网络异常流量检测

Abnormal flow monitoring of industrial control network based on convolutional neural network

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

[1]	陈成瑞, 孙宁, 何世彪, 廖勇. 面向C-V2X通信的基于深度学习的联合信道估计与均衡算法[J]. 计算机应用, 2021, 41(9): 2687-2693.
[2]	谢德峰, 吉建民. 融入句法感知表示进行句法增强的语义解析[J]. 计算机应用, 2021, 41(9): 2489-2495.
[3]	代雨柔, 杨庆, 张凤荔, 周帆. 基于自监督学习的社交网络用户轨迹预测模型[J]. 计算机应用, 2021, 41(9): 2545-2551.
[4]	王贺兵, 张春梅. 基于非对称卷积-压缩激发-次代残差网络的人脸关键点检测[J]. 计算机应用, 2021, 41(9): 2741-2747.
[5]	郑志强, 胡鑫, 翁智, 王雨禾, 程曦. 基于改进DenseNet的牛眼图像特征提取方法[J]. 计算机应用, 2021, 41(9): 2780-2784.
[6]	宋中山, 梁家锐, 郑禄, 刘振宇, 帖军. 基于双向门控尺度特征融合的遥感场景分类[J]. 计算机应用, 2021, 41(9): 2726-2735.
[7]	李康康, 张静. 基于注意力机制的多层次编码和解码的图像描述模型[J]. 计算机应用, 2021, 41(9): 2504-2509.
[8]	张永斌, 常文欣, 孙连山, 张航. 基于字典的域名生成算法生成域名的检测方法[J]. 计算机应用, 2021, 41(9): 2609-2614.
[9]	赵宏, 孔东一. 图像特征注意力与自适应注意力融合的图像内容中文描述[J]. 计算机应用, 2021, 41(9): 2496-2503.
[10]	徐江浪, 李林燕, 万新军, 胡伏原. 结合目标检测的室内场景识别方法[J]. 计算机应用, 2021, 41(9): 2720-2725.
[11]	牟长宁, 王海鹏, 周丕宇, 侯鑫行. 基于图卷积神经网络的串联质谱从头测序[J]. 计算机应用, 2021, 41(9): 2773-2779.
[12]	何正海, 线岩团, 王蒙, 余正涛. 融合句法指导与字符注意力机制的案情阅读理解方法[J]. 计算机应用, 2021, 41(8): 2427-2431.
[13]	曹玉红, 徐海, 刘荪傲, 王紫霄, 李宏亮. 基于深度学习的医学影像分割研究综述[J]. 计算机应用, 2021, 41(8): 2273-2287.
[14]	秦斌斌, 彭良康, 卢向明, 钱江波. 司机分心驾驶检测研究进展[J]. 计算机应用, 2021, 41(8): 2330-2337.
[15]	黄程程, 董霄霄, 李钊. 基于二维Winograd算法的深流水线5×5卷积方法[J]. 计算机应用, 2021, 41(8): 2258-2264.