机器学习在工业网络入侵检测中的研究应用

在工业化和信息化两化深度融合的背景下,工业控制网络面临着高强度、持续性的恶意渗透和网络攻击,对国家安全和工业生产构成了巨大威胁.检测工业控制网络遭受恶意攻击,高效区分正常数据和攻击数据的研究已成为热点问题.以密西西比州立大学SCADA实验室的能源系统攻击数据集作为工业控制网络入侵检测的主要研究对象,对比不同机器学习算法的准确率、漏警率、虚警率等重要指标,得出综合性能最优的XGBoost算法.为进一步提高入侵检测效率,提出了一种针对XGBoost算法的包裹式特征选择方法,在简化数据集的同时突出不同特征在入侵检测中的重要性.研究结果表明,结合包裹式特征选择的XGBoost算法能有效解决入侵检测问题并提高入侵检测效率,验证了此方法的有效性和科学性.

Research and Application of Machine Learning in Industrial Network Intrusion Detection

Under the background of deep integration of industrialization and informatization,Malicious penetration and network attack are severe and continous in industrial control networks,posing a great threat to national security and industrial production.Therefore,it has become a hot issue to detect malicious attacks on industrial control networks and to distinguish normal data from attack data efficiently.The energy system attack data set of SCADA laboratory of Mississippi state university is used as the primary research object of industrial control network intrusion detection.The XGBoost algorithm with the best comprehensive performance is achieved by comparing the accuracy,missing alarm,false alarm and other important indicators of different machine learning algorithms.In order to improve the efficiency of intrusion detection further.It is the wrapper feature selection method for XGBoost that is proposed.Not only does it simplify the data set but highlights the importance of different features in intrusion detection as well.The result shows that XGBoost algorithm combined with wrapper feature selection can solve the intrusion detection problem effectively and improve the efficiency of intrusion detection,which verify the validity and scientificity of this method.