基于遗传算法优化的OCSVM双轮廓模型异常检测算法

针对Modbus工业总线协议的特殊性及工控数据样本的不均衡性，利用单类支持向量机（OCSVM）分别构建正常OCSVM模型和异常OCSVM模型，即双轮廓模态来模拟系统通信的正常模式和异常模式，从而实现工控系统异常检测。同时将遗传算法优化自变量降维应用于工控网络入侵检测场景，实现对输入自变量的降维压缩处理，防止OCSVM模型出现过拟合现象及分类准确率低的问题，提高异常检测的精度，缩减建模时间。通过仿真验证了该算法对工控网络异常检测的有效性。

Anomaly detection algorithm based on OCSVM double contour model of genetic algorithm optimization for industrial control system

The Modbus industry bus protocol is special, and the network intrusion data sample of industrial control system is not balanced. So this paper used OCSVM to construct double contour model combining normal OCSVM model, and abnormal OCSVM model to simulate the normal mode and abnormal mode of system communication. Then it realized the abnormal detection of industrial control system. In order to prevent the OCSVM model from overfitting and the low accuracy of classification, this paper applied the genetic algorithm to the industrial control network by optimizing the dimensionality reduction of the independent variable. This method improved the accuracy of the anomaly detection and reduced the modeling time. Simulation results show that the proposed algorithm is effective for anomaly detection of industrial network.