Intrusion detection method for industrial control system with optimized support vector machine and K-means++

doi:10.11772/j.issn.1001-9081.2018091932

Journal of Computer Applications ›› 2019, Vol. 39 ›› Issue (4): 1089-1094.DOI: 10.11772/j.issn.1001-9081.2018091932

Previous Articles Next Articles

Intrusion detection method for industrial control system with optimized support vector machine and K-means++

CHEN Wanzhi¹, XU Dongsheng¹, ZHANG Jing², TANG Yu¹

1. School of Electronic and Information Engineering, Liaoning Technical University, Huludao Liaoning 125105, China;
2. China Petroleum Liaohe Equipment Company, Panjin Liaoning 124010, China

Received:2018-09-17 Revised:2018-11-25 Online:2019-04-10 Published:2019-04-10
Supported by:
This work is partially supported by the Ph. D. Start-up Funded Project of Liaoning Technical University (2015-1147), the Local Serve Project of Liaoning Provincial Education Department (LJ2017FAL009).

结合优化支持向量机与K-means++的工控系统入侵检测方法

陈万志¹, 徐东升¹, 张静², 唐雨¹

1. 辽宁工程技术大学电子与信息工程学院, 辽宁葫芦岛 125105;
2. 渤海装备辽河重工有限公司, 辽宁盘锦 124010

通讯作者: 徐东升
作者简介:陈万志(1977-),男,辽宁阜新人,副教授,博士,CCF会员,主要研究方向:人工智能、计算机过程控制;徐东升(1993-),男,安徽芜湖人,硕士研究生,主要研究方向:人工智能、网络安全;张静(1980-),女,江苏徐州人,主要研究方向:电气自动化、工业控制;唐雨(1994-),女,辽宁大连人,硕士研究生,主要研究方向:人工智能、网络安全。
基金资助:
辽宁工程技术大学博士启动基金资助项目（2015-1147）；辽宁省教育厅服务地方类项目（LJ2017FAL009）。

Abstract

Abstract: Aiming at the problem that traditional single detection algorithm models have low detection rate and slow detection speed on different types of attacks in industrial control system, an intrusion detection model combining optimized Support Vector Machine (SVM) and K-means++algorithm was proposed. Firstly, the original dataset was preprocessed by Principal Component Analysis (PCA) to eliminate its correlation. Secondly, an adaptive mutation process was added to Particle Swarm Optimization (PSO) algorithm to avoid falling into local optimal solution during the training process. Thirdly, the PSO with Adaptive Mutation (AMPSO) algorithm was used to optimize the kernel function and penalty parameters of the SVM. Finally, a K-means algorithm improved by density center method was united with the optimized support vector machine to form the intrusion detection model, achieving anomaly detection of industrial control system. The experimental results show that the proposed method can significantly improve the detection speed and the detection rate of various attacks.

Key words: industrial control system, Principal Component Analysis (PCA), Particle Swarm Optimization (PSO) algorithm, Support Vector Machine (SVM), density center method, K-means algorithm

摘要： 针对工业控制系统传统单一检测算法模型对不同攻击类型检测率和检测速度不佳的问题，提出一种优化支持向量机和K-means++算法结合的入侵检测模型。首先利用主成分分析法（PCA）对原始数据集进行预处理，消除其相关性；其次在粒子群优化（PSO）算法的基础上加入自适应变异过程避免在训练的过程中陷入局部最优解；然后利用自适应变异粒子群优化（AMPSO）算法优化支持向量机的核函数和惩罚参数；最后利用密度中心法改进K-means算法与优化后的支持向量机组合成入侵检测模型，从而实现工业控制系统的异常检测。实验结果表明，所提方法在检测速度和对各类攻击的检测率上得到明显提升。

关键词: 工业控制系统, 主成分分析, 粒子群优化算法, 支持向量机, 密度中心法, K-means算法

CLC Number:

TP393.08

CHEN Wanzhi, XU Dongsheng, ZHANG Jing, TANG Yu. Intrusion detection method for industrial control system with optimized support vector machine and K-means++[J]. Journal of Computer Applications, 2019, 39(4): 1089-1094.

陈万志, 徐东升, 张静, 唐雨. 结合优化支持向量机与K-means++的工控系统入侵检测方法[J]. 计算机应用, 2019, 39(4): 1089-1094.

References

[1] 尚文利, 安攀峰, 万明, 等.工业控制系统入侵检测技术的研究及发展综述[J]. 计算机应用研究, 2017, 34(2):328-330. (SHANG W L, AN P F, WAN M, et al. A survey of the research and development of industrial control system intrusion detection technology[J]. Application Research of Computers, 2017, 34(2):328-330.)
[2] 杨安, 孙利民, 王小山, 等.工业控制系统入侵检测技术综述[J]. 计算机研究与发展, 2016, 53(9):2039-2054. (YANG A, SUN L M, WANG X S, et al. Industrial control system intrusion detection technology overview[J]. Computer Research and Development, 2016, 53(9):2039-2054.)
[3] 李洋. K-means聚类算法在入侵检测中的应用[J]. 计算机工程, 2007, 33(14):154-156. (LI Y. Application of K-means clustering algorithm in intrusion detection[J]. Computer Engineering, 2007, 33(14):154-156.)
[4] 刘万军, 秦济韬, 曲海成, 等.基于改进单类支持向量机的工业控制网络入侵检测[J]. 计算机应用, 2017, 26(12):1-5. (LIU W J, QIN J T, QU H C, et al. Industrial control network intrusion detection method based on improved single-class support vector machin[J]. Journal of Computer Applications, 2017, 26(12):1-5.)
[5] PARVANIA M, KOUTSANDRIA G, MUTHUKUMAR V, et al. Hybrid control network intrusion detection systems for automated power distribution systems[C]//Proceedings of the 2014 IEEE/IFIP International Conference on Dependable Systems and Networks. Washington, DC:IEEE Computer Society, 2014:774-779.
[6] 梁辰, 李成海, 周来恩.PCA-BP神经网络入侵检测方法[J]. 空军工程大学学报, 2016, 32(6):93-96. (LIANG C, LI C H, ZHOU L E. PCA-BP neural network intrusion detection method[J]. Journal of Air Force Engineering University, 2016, 32(6):93-96.)
[7] 陈万志, 李东哲.结合白名单过滤和神经网络的工业控制网络入侵检测方法[J]. 计算机应用, 2018, 38(2):363-369. (CHEN W Z, LI D Z. Industrial control network intrusion detection method combining white list filtering and neural network[J]. Journal of Computer Applications, 2018, 38(2):363-369.)
[8] 陈万志, 唐雨, 张静.工业控制网络异常通信检测的改进鱼群算法优化方法[J]. 计算机应用研究, 2018, 36(8):323-328. (CHEN W Z, TANG Y, ZHANG J. Improved fish school algorithm optimization method for abnormal communication detection in industrial control networks[J]. Application Research of Computers, 2018, 36(8):323-328.)
[9] LEE C B, ROEDEL C, SILENOK E. Detection and characterization of port scan attacks[J]. Key Engineering Materials, 2014, 602/603(3):93-96.
[10] 陈冬青, 张普含, 王华忠.基于MIKPSO-SVM方法的工业控制系统入侵检测[J]. 清华大学学报(自然科学版), 2018, 58(4):380-386. (CHEN D Q, ZHANG P H, WANG H Z. Intrusion detection of industrial control systems based on MIKPSO-SVM method[J]. Journal of Tsinghua University (Science and Technology), 2018, 58(4):380-386.)
[11] 周炜奔, 石跃祥.基于密度的K-means聚类中心选取的优化算法[J]. 计算机应用研究, 2012, 29(5):1726-1728. (ZHOU W B, SHI Y X. Density-based K-means clustering center selection algorithm[J]. Application Research of Computers, 2012, 29(5):1726-1728.)
[12] BISHOP M, GATES C. Defining the insider threat[EB/OL].[2018-05-10]. https://escholarship.org/uc/item/1qm187cg.
[13] 马占飞, 陈虎年, 杨晋, 等.一种基于IPSO-SVM算法的网络入侵检测方法[J]. 计算机科学, 2018, 45(2):231-235. (MA Z F, CHEN H N, YANG J, et al. A network intrusion detection method based on IPSO-SVM algorithm[J]. Computer Science, 2018, 45(2):231-235.)
[14] 王晓燕. K-均值算法与自组织神经网络算法的改进研究及应用[D]. 太原:中北大学, 2017:65-66. (WANG X Y. Research and application of K-means algorithm and self-organizing neural network algorithm[D]. Taiyuan:North University of China, 2017:65-66.)
[15] 牛雷, 孙忠林.PCA-AKM算法及其在入侵检测中的应用[J]. 计算机科学, 2018, 45(2):226-229. (NIU L, SUN Z L. PCA-AKM algorithm and its application in intrusion detection[J]. Computer Science, 2018, 45(2):226-229.)

Intrusion detection method for industrial control system with optimized support vector machine and K-means++

结合优化支持向量机与K-means++的工控系统入侵检测方法

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics

[1]	ZHANG Meng, GUO Jianquan. Channel structure choice of closed-loop supply chain under uncertain demand and recovery [J]. Journal of Computer Applications, 2021, 41(7): 2100-2107.
[2]	JIA Heming, JIANG Zichao, LI Yao, SUN Kangjian. Simultaneous feature selection optimization based on improved spotted hyena optimizer algorithm [J]. Journal of Computer Applications, 2021, 41(5): 1290-1298.
[3]	FAN Xiaomao, XIONG Honglin, ZHAO Gansen. Cleaning scheduling model with constraints and its solution [J]. Journal of Computer Applications, 2021, 41(2): 577-582.
[4]	YUAN Qianqian, DENG Hongmin, WANG Xiaohang. Citrus disease and insect pest area segmentation based on superpixel fast fuzzy C-means clustering and support vector machine [J]. Journal of Computer Applications, 2021, 41(2): 563-570.
[5]	Kai LI, Jie LI. Structure-fuzzy multi-class support vector machine algorithm based on pinball loss [J]. Journal of Computer Applications, 2021, 41(11): 3104-3112.
[6]	TONG Lin, GUAN Zheng. Fuzzy granulation prediction of traffic flow based on improved whale optimization support vector machine [J]. Journal of Computer Applications, 2021, 41(10): 2919-2927.
[7]	LU Rongxiu, CHEN Mingming, YANG Hui, ZHU Jianyong. Element component content dynamic monitoring system based on time sequence characteristics of solution images [J]. Journal of Computer Applications, 2021, 41(10): 3075-3081.
[8]	ZHAO Guoxin, DING Ruofan, YOU Jianzhou, LYU Shichao, PENG Feng, LI Fei, SUN Limin. Design and implementation of high-interaction programmable logic controller honeypot system based on industrial control business simulation [J]. Journal of Computer Applications, 2020, 40(9): 2650-2656.
[9]	LUO Bin, YU Bo. Computation offloading strategy based on particle swarm optimization in mobile edge computing [J]. Journal of Computer Applications, 2020, 40(8): 2293-2298.
[10]	ZHOU Wenfeng, LIANG Xiaolei, TANG Kexin, LI Zhanghong, FU Xiuwen. Hybrid particle swarm optimization algorithm with topological time-varying and search disturbance [J]. Journal of Computer Applications, 2020, 40(7): 1913-1918.
[11]	ZHANG Jianming, SHI Yuanhao, XU Zhengyi, WEI Jianming. Adaptive UWB/PDR fusion positioning algorithm based on error prediction [J]. Journal of Computer Applications, 2020, 40(6): 1755-1762.
[12]	HUO Qingqing, GUO Jianquan. Multi-objective closed-loop logistics network model of fresh foods based on improved genetic algorithm [J]. Journal of Computer Applications, 2020, 40(5): 1494-1500.
[13]	LI Dongbo, HUANG Lyuwen. Reweighted sparse principal component analysis algorithm and its application in face recognition [J]. Journal of Computer Applications, 2020, 40(3): 717-722.
[14]	WANG Yang, ZHAO Hongdong. Human activity recognition based on improved particle swarm optimization-support vector machine and context-awareness [J]. Journal of Computer Applications, 2020, 40(3): 665-671.
[15]	LI Hui, YANG Zhixia. Multiple birth support vector machine based on Rescaled Hinge loss function [J]. Journal of Computer Applications, 2020, 40(11): 3139-3145.