Abstract
As information technology advances, industrial control systems face serious security threats. This paper proposes an anomaly detection method for industrial control systems based on PU learning. The method uses a state representation that expresses each state variable as a two-tuple, extracts a state transition diagram from a small number of normal sample fragments, and generates an isolation forest model from a large number of unlabeled samples. The state transition diagram and the isolation forest model are then used to judge the correctness of state transition relationships and of state self-loops, respectively. The method is verified on the industrial control system test platform SWaT. The results show that detection is best when the contamination rate c is 12%. Compared with the method based on tri-training and the C4.5 decision tree, the recall of anomalies is fundamentally improved.
Authors
王伟
谢耀滨
尹青
WANG Wei; XIE Yaobin; YIN Qing (China HUAYI Broadcasting Corporation, Fuzhou 350000, China; Information Engineering University, Zhengzhou 450001, China)
Source
Journal of Information Engineering University (《信息工程大学学报》)
2019, No. 2, pp. 210-216 (7 pages)
Funding
National Natural Science Foundation of China (61802431)
Keywords
industrial control system
anomaly detection
PU learning
state transition diagram
isolation forest