基于特征选择和时间卷积网络的工业控制系统入侵检测

针对工业控制系统流量数据存在特征冗余及深度学习模型对较小规模数据集检测能力较差的问题，提出了一种基于特征选择和时间卷积网络的工业控制系统入侵检测模型。首先，对源域数据集的异常特征和样本不平衡数据进行处理，提高源域数据集质量。其次，针对流量数据的特征冗余，利用信息增益率和主成分分析法构建IGR-PCA特征选择算法，筛选出最优特征子集实现数据降维。然后，根据工业控制系统流量数据的时间序列特性，在较大规模的源域数据集上，利用时间卷积网络（temporal convolution network，TCN）对时间序列数据优异的处理能力，构建源域时间卷积网络预训练模型。最后，在较小规模的目标域数据集上，结合迁移学习（transfer learning，TL）微调策略，获取源域样本数据的流量特征，构建目标域TCN-TL模型。利用公开的工业控制系统数据集进行实验测试，实验结果表明：流量数据经本文特征算法处理后，相较于其他方法，在降低数据维度减少计算量的同时仍具有良好的检测效果；在较大规模的源域数据集和较小规模的目标域数据集上，本文模型均取得了良好的检测效果，在目标域中利用迁移学习微调策略能够学习到源域中的知识，模型检测准确率为99.06%，在训练时间对比中，本文模型训练时间消耗更少，具有更好的泛化能力，能够更好地保护工业控制系统安全。

Industrial Control System Intrusion Detection Based on Feature Selection and Temporal Convolutional Network

Aiming at the problem of feature redundancy in industrial control system traffic data and the poor detection ability of deep learning models for small-scale data sets, an industrial control system intrusion detection model based on feature selection and temporal convolutional networks is proposed. First, the abnormal features and sample imbalance data of the source domain dataset are processed to improve the quality of the source domain dataset. Secondly, in view of the feature redundancy of traffic data, the IGR-PCA feature selection algorithm is constructed by using the information gain rate and principal component analysis method, and the optimal feature subset is selected to achieve data dimensionality reduction. Then, according to the time series characteristics of industrial control system traffic data, on a large-scale source domain data set, the excellent processing ability of Temporal Convolution Network (TCN) for time series data is used to construct a source domain temporal convolution network pretrained model. Finally, on a small-scale target domain dataset, combined with the transfer learning (TL) fine-tuning strategy, the traffic characteristics of the source domain sample data were obtained, and the target domain TCN-TL model was constructed. The experimental test is carried out using the public industrial control system data set. The experimental results show that after the traffic data is processed by the feature algorithm in this paper, compared with other methods, it can reduce the data dimension and reduce the calculation amount while still having a good detection effect. The model in this paper has achieved good detection results on both large-scale source domain data sets and small-scale target domain data sets. In the target domain, the transfer learning fine-tuning strategy can be used to learn the knowledge in the source domain, and the model detection The accuracy rate is 99.06%. In the training time comparison, the model in this paper consumes less training time, has better generalization ability, and can better protect the security of industrial control systems.