Abstract
Node data in the industrial Internet is high-dimensional, redundant and massive, and traditional malicious behavior detection models cannot judge malicious attack behaviors in the industrial Internet quickly and accurately. A real-time detection method for malicious behaviors in the industrial Internet based on feature combination optimization is proposed. An improved fast correlation filtering algorithm and a principal component analysis algorithm based on singular value decomposition are used to optimize the feature combination of industrial Internet malicious behavior sample data. Feature correlation calculation and the identification and exclusion of redundant features are performed using the symmetric uncertainty information measure and the approximate Markov blanket criterion, and several candidate feature combinations are obtained from different configurations of the feature dimension parameter. A decision tree evaluator selects the candidate feature combination with the highest accuracy. Principal component analysis based on singular value decomposition then reduces the feature dimension further, yielding an optimal feature combination that is low-dimensional and information-rich. The extreme gradient boosting algorithm is combined with the optimized feature combination to classify malicious behavior samples in the industrial Internet. The proposed method is verified on Mississippi State University's multi-class power system attack sample data. The experimental results show that the training time of the feature combination optimization detection model can be reduced by 57.53%, and the average detection time for a single sample is 0.002 ms, a reduction of 23.99%. The accuracy, recall and F1 value of the detection model based on feature combination optimization are improved by 1.11%, 1.25% and 1.01%, respectively, compared with those before feature optimization. The outstanding advantage of the method in this paper is that it significantly reduces model detection time while improving the model's detection performance, and can better meet the real-time requirements of the industrial Internet.
Authors
HU Xiang-dong (胡向东)
ZHANG Qin (张琴)
HU Xiang-dong; ZHANG Qin (School of Modern Posts, Chongqing University of Posts and Telecommunications, Chongqing 400065, China; School of Automation/School of Industrial Internet, Chongqing University of Posts and Telecommunications, Chongqing 400065, China)
Source
Acta Electronica Sinica (《电子学报》)
EI
CAS
CSCD
Peking University Core Journals (北大核心)
2024, Issue 9, pp. 3075-3085 (11 pages)
Funding
Chongqing Municipal Talent Program Project (No. cstc204ycjh-bgzxm0088).
Keywords
industrial Internet
improved fast correlation filtering algorithm
principal component analysis algorithm based on singular value decomposition
feature combination optimization
extreme gradient boosting
real-time detection of malicious behaviors