摘要
针对工业控制系统(ICS)入侵检测中的攻击检测和攻击类型识别问题,提出了一种基于相关向量机(RVM)联合遗传模拟退火(GSA)优化支持向量机(SVM)的分层入侵检测算法。首先利用RVM分类器对ICS的高维网络特征数据进行自适应选择和分类识别,在自动确定最优分类特征的同时将入侵数据分类为“正常”和“异常”两类,然后利用SVM对“异常”数据中的攻击类型进行分类,针对SVM识别性能受核参数选择影响较大的问题,利用SA算子对GA局部搜索能力进行改进,得到全局搜索和局部搜索能力较均衡的GSA优化算法,对SVM核参数进行全局寻优,确保其收敛于全局最优解,从而提升识别性能。基于密西西比州立大学(MSU)公开的ICS入侵检测评估数据集开展试验,结果表明所提方法与其他常见方法相比具有更强的攻击检测和攻击类型识别能力,能够有效提升ICS系统的安全性和可靠性。
Aiming at the problems of attack detection and attack type recognition in industrial control system(ICS) intrusion detection,a hierarchical ICS intrusion detection algorithm based on relevance vector machine(RVM) combined with genetic simulated annealing and support vector machine(GSA-SVM) is proposed.Firstly,the RVM classifier is used to adaptively select and classify the high-dimensional network feature data of ICS,and classify the intrusion data into “normal” and “abnormal” categories while automatically determining the optimal classification features.Then,SVM is utilized to categorize the types of attacks in the “abnormal”data.For the problem that SVM recognition performance is greatly affected by the selection of kernel parameters,the simulated annealing(SA) operator is used to improve the local search ability of genetic algorithm(GA),and a GSA optimization algorithm with balanced global search and local search ability is obtained to optimize the kernel parameters of SVM globally to ensure that they converge to the global optimal solution,thereby improving recognition performance.The test based on the ICS intrusion detection evaluation data published by Mississippi State University(MSU) is carried out.The results show that the proposed method has stronger ability of attack detection and attack type recognition than other common methods,and can effectively improve the security and reliability of the ICS.
作者
黄兆军
曾明如
HUANG Zhao-jun;ZENG Ming-ru(School of Mechanical and Electrical Engineering,Zhuhai City Polytechnic,Zhuhai 519090,China;Information Engineering School,Nanchang University,Nanchang 330031,China)
出处
《控制工程》
CSCD
北大核心
2022年第7期1323-1329,共7页
Control Engineering of China
基金
广东省普通高等学校特色创新项目(2022GKTSCX088)
珠海城市职业技术学院重点科研项目(KY2020Z02Z)。
关键词
工业控制系统
攻击检测
攻击类型识别
相关向量机
特征选择
遗传模拟退火
Industrial control system
attack detection
attack type recognition
relevance vector machine
feature selection
genetic simulated annealing
