基于改进单类支持向量机的工业控制网络入侵检测方法

doi:10.11772/j.issn.1001-9081.2017102502

计算机应用 ›› 2018, Vol. 38 ›› Issue (5): 1360-1365.DOI: 10.11772/j.issn.1001-9081.2017102502

基于改进单类支持向量机的工业控制网络入侵检测方法

刘万军, 秦济韬, 曲海成

辽宁工程技术大学软件学院, 辽宁葫芦岛 125105

收稿日期:2017-10-23 修回日期:2017-12-12 出版日期:2018-05-10 发布日期:2018-05-24
通讯作者: 秦济韬
作者简介:刘万军(1959-),男,辽宁北镇人,教授,博士生导师,博士,CCF高级会员,主要研究方向:数字图像处理;秦济韬(1994-),男,河北张家口人,硕士研究生,主要研究方向:工业控制网络安全;曲海成(1981-),男,山东烟台人,副教授,博士,主要研究方向:遥感图像高性能计算。
基金资助:
辽宁省教育厅科研一般项目（L2015216）；辽宁工程技术大学生产技术基金资助项目（20160092T）。

Intrusion detection algorithm of industrial control network based on improved one-class support vector machine

LIU Wanjun, QIN Jitao, QU Haicheng

School of Software, Liaoning Technical University, Huludao Liaoning 125105, China

Received:2017-10-23 Revised:2017-12-12 Online:2018-05-10 Published:2018-05-24
Contact: 秦济韬
Supported by:
This work is partially supported by the General Project of Scientific Research of the Education Department of Liaoning Province (L2015216), the Production technology Foundation of Liaoning Technical University (20160092T).

摘要/Abstract

摘要： 针对单类支持向量机（OCSVM）入侵检测方法无法检测内部异常点和离群点导致决策函数偏离训练样本的问题，提出了一种结合具有噪声的密度聚类（DBSCAN）方法和K-means方法的OCSVM异常入侵检测算法。首先通过DBSCAN算法，剔除训练数据中的离群点，消除离群点的影响；然后利用K-means划分数据类簇的方法筛选出内部异常点；最后利用OCSVM算法为每一个类簇建立单分类器用于检测异常数据。工控网络数据集上的实验结果表明，该组合分类器能够利用无异常数据样本检测出工控网络入侵，并且提高了OCSVM方法的检测效果。在气体管道网络数据集入侵检测实验中，所提方法的总体检测率为91.81%；而原始OCSVM算法则为80.77%。

关键词: 单类支持向量机, 具有噪声的密度聚类, K-means, 工业控制网络, 异常入侵检测

Abstract: Since the intrusion detection method based on One-Class Support Vector Machine (OCSVM) can not detect internal abnormal points and outliers, which leads to the deviation of decision function from training samples. A new OCSVM anomaly detection function combining DBSCAN (Density-Based Spatial Clustering of Applications with Noise) and K-means was proposed. Firstly, the outliers in the training data were removed by DBSCAN algorithm to eliminate the influence of outliers. Then, K-means clustering method was used to classify normal data clusters, so that the internal abnormal points could be selected. Finally, a one-class classifier for each data cluster was created to detect exception data by OCSVM algorithm. The experimental results on industrial control networks show that the combined classifier can detect the intrusion attacks of the industrial control network by using normal data, and it can improve the detection effect of OCSVM algorithm. In intrusion detection experiment of gas pipeline, the overall detection rate of the proposed method is 91.81%, while the overall detection rate of OCSVM algorithm is 80.77%.

Key words: One-Class Support Vector Machine (OCSVM), Density-Based Spatial Clustering of Applications with Noise (DBSCAN), K-means, industrial control network, abnormal intrusion detection

中图分类号:

TP393.08

刘万军, 秦济韬, 曲海成. 基于改进单类支持向量机的工业控制网络入侵检测方法[J]. 计算机应用, 2018, 38(5): 1360-1365.

LIU Wanjun, QIN Jitao, QU Haicheng. Intrusion detection algorithm of industrial control network based on improved one-class support vector machine[J]. Journal of Computer Applications, 2018, 38(5): 1360-1365.

参考文献

[1] KNOWLES W, PRINCE D, JONES K, et al. A survey of cyber security management in industrial control systems[J]. International Journal of Critical Infrastructure Protection, 2015, 9(C):52-80.
[2] 尚文利, 安攀峰, 万明,等. 工业控制系统入侵检测技术的研究及发展综述[J]. 计算机应用研究, 2017, 34(2):328-333,342.(SHANG W L, AN P F, WAN M, et al. Research and development overview of intrusion detection technology in industrial control system[J]. Application Research of Computers, 2017, 34(2):328-333,342.)
[3] 杨安, 孙利民, 王小山,等. 工业控制系统入侵检测技术综述[J]. 计算机研究与发展, 2016, 53(9):2039-2054.(YANG A, SUN L M, WANG X S, et al. Intrusion detection techniques for industrial control systems[J]. Journal of Computer Research and Development, 2016, 53(9):2039-2054.)
[4] NADER P. One-class classification for cyber intrusion detection in industrial systems[J]. IEEE Transactions on Industrial Informatics, 2015, 10(4):2308-2317.
[5] 尚文利, 李琳, 万明,等. 基于优化单类支持向量机的工业控制系统入侵检测算法[J]. 信息与控制, 2015, 44(6):678-684.(SHANG W L, LI L, WAN M, et al. Intrusion detection algorithm based on optimized one-class support vector machine for industrial control system[J]. Information and Control, 2015, 44(6):678-684.)
[6] HOFFMANN H. Kernel PCA for novelty detection[J]. Pattern Recognition, 2007, 40(3):863-874.
[7] BARTMAN T, KRAFT J. An introduction to applying network intrusion detection for industrial control systems[EB/OL].[2017-06-20]. http://sel-cables.com/api/download/114922/.
[8] 万明, 尚文利, 曾鹏,等. 基于功能码深度检测的Modbus/TCP通信访问控制方法[J]. 信息与控制, 2016, 45(2):248-256.(WAN M, SHANG W L, ZENG P, et al. Modbus/TCP communication control method based on deep function code inspection[J]. Information and Control, 2016, 45(2):248-256.)
[9] KIM G, LEE S, KIM S. A novel hybrid intrusion detection method integrating anomaly detection with misuse detection[J]. Expert Systems with Applications, 2014, 41(4):1690-1700.
[10] 吴丽云, 李生林, 甘旭升,等. 基于PLS特征提取的网络异常入侵检测CVM模型[J]. 控制与决策, 2017, 32(4):755-758.(WU L Y, LI S L, GAN X S, et al. Network anomaly intrusion detection CVM model based on PLS feature extraction[J]. Control and Decision, 2017, 32(4):755-758.)
[11] NADER P, HONEINE P, BEAUSEROY P. Lp-norms in one-class classification for intrusion detection in SCADA systems[J]. IEEE Transactions on Industrial Informatics, 2014, 10(4):2308-2317.
[12] HANBIAO L I. A new kind of SVM intrusion detection strategy for integration[J]. Computer Engineering & Applications, 2012, 94(3):1289-1291.
[13] 尚文利, 张盛山, 万明,等. 基于PSO-SVM的Modbus TCP通讯的异常检测方法[J].电子学报, 2014, 42(11):2314-2320.(SHANG W L, ZHANG S S, WAN M, et al. Modbus/TCP communication anomaly detection algorithm based on PSO-SVM[J].Acta Electronica Sinica, 2014, 42(11):2314-2320.)
[14] 李琳, 尚文利, 姚俊,等. 单类支持向量机在工业控制系统入侵检测中的应用研究综述[J].计算机应用研究, 2016, 33(1):7-11.(LI L, SHANG W L, YAO J, et al. Overview of one-class support vector machine in intrusion detection of industrial control system[J].Application Research of Computers,2016, 33(1):7-11.)
[15] AMER M, GOLDSTEIN M, ABDENNADHER S. Enhancing one-class support vector machines for unsupervised anomaly detection[C]//Proceedings of the ACM SIGKDD Workshop on Outlier Detection and Description. New York:ACM, 2013:8-15.
[16] MUDA Z, YASSIN W, SULAIMAN M N, et al. Intrusion detection based on k-means clustering and OneR classification[C]//Proceedings of the 20117th International Conference on Information Assurance and Security. Piscataway, NJ:IEEE, 2012:192-197.
[17] 王茜, 刘胜会.改进K-means算法在入侵检测中的应用研究[J]. 计算机工程与应用, 2015, 51(17):124-127.(WANG Q, LIU S H. Application research of improved K-means algorithm in intrusion detection[J]. Computer Engineering and Applications, 2015, 51(17):124-127.)
[18] MORRIS T, GAO W. Industrial control system traffic data sets for intrusion detection research[C]//ICCIP 2014:Proceedings of the 2014 International Conference on Critical Infrastructure Protection. Berlin:Springer, 2014:65-78.

基于改进单类支持向量机的工业控制网络入侵检测方法

Intrusion detection algorithm of industrial control network based on improved one-class support vector machine

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

[1]	邹志文, 秦程. 基于k-means++的动态构建空间主题R树方法[J]. 计算机应用, 2021, 41(3): 733-737.
[2]	张恩, 李会敏, 常键. 可验证的隐私保护k-means聚类方案[J]. 计算机应用, 2021, 41(2): 413-421.
[3]	杨威亚, 余正涛, 高盛祥, 宋燃. 基于跨语言神经主题模型的汉越新闻话题发现方法[J]. 计算机应用, 2021, 41(10): 2879-2884.
[4]	王磊. 改进粗糙集属性约简结合K-means聚类的网络入侵检测方法[J]. 计算机应用, 2020, 40(7): 1996-2002.
[5]	俞皓芳, 孙力帆, 付主木. 基于改进K-means++聚类的多扩展目标跟踪算法[J]. 计算机应用, 2020, 40(1): 271-277.
[6]	陈万志, 徐东升, 张静, 唐雨. 结合优化支持向量机与K-means++的工控系统入侵检测方法[J]. 计算机应用, 2019, 39(4): 1089-1094.
[7]	尚方信, 郭浩, 李钢, 张玲. 基于One-class SVM的噪声图像分割方法[J]. 计算机应用, 2019, 39(3): 874-881.
[8]	杜阳, 姜震, 冯路捷. 结合支持向量机与半监督K-means的新型学习算法[J]. 计算机应用, 2019, 39(12): 3462-3466.
[9]	朱繁, 王洪元, 张继. 基于改进的Mask R-CNN的行人细粒度检测算法[J]. 计算机应用, 2019, 39(11): 3210-3215.
[10]	陈万志, 李东哲. 结合白名单过滤和神经网络的工业控制网络入侵检测方法[J]. 计算机应用, 2018, 38(2): 363-369.
[11]	杨雅倩, 唐绍婷. 基于扩展的低阶多元广义线性模型的脑节点识别方法[J]. 计算机应用, 2018, 38(10): 3048-3052.
[12]	邵伦, 周新志, 赵成萍, 张旭. 基于多维网格空间的改进K-means聚类算法[J]. 计算机应用, 2018, 38(10): 2850-2855.
[13]	张承畅, 张华誉, 罗建昌, 何丰. 基于云计算和改进K-means算法的海量用电数据分析方法[J]. 计算机应用, 2018, 38(1): 159-164.
[14]	穆桃, 陈伟, 陈松健. 基于多层网络流量分析的用户分类方法[J]. 计算机应用, 2017, 37(3): 705-710.
[15]	霍纬纲, 程震, 程文莉. 面向不等长多维时间序列的聚类改进算法[J]. 计算机应用, 2017, 37(12): 3477-3481.