一种面向工控系统的PU学习入侵检测方法

工业控制系统与物理环境联系紧密,受到攻击会直接造成经济损失,人员伤亡等后果,工业控制系统入侵检测可以提供有效的安全防护.工业控制系统中将入侵检测作为一个异常检测问题,本文围绕PU learning(Positive-unlabeled learning,PU学习)进行工业控制系统入侵检测进行研究.首先针对工业控制系统中...

A PU learning intrusion detection method for industrial control system

Industrial control systems are closely related to the physical environment. Attacks will directly cause economic losses, casualties and other consequences. Intrusion detection system can provide effective security protection. In industrial control systems, intrusion detection is regarded as an anomaly detection problem. This paper focuses on the intrusion detection through PU learning (Positive-unlabeled learning). Firstly, due to the high dimensionality of data in industrial control systems, a feature importance calculation method is proposed. The feature importance is measured by the distribution difference between the positive data set and unlabeled data set, which is used for the feature selection of PU learning. Secondly, a class prior estimation algorithm based on OCSVM(One-Class SVM) is proposed. This algorithm can estimate class prior stably and accurately. It provides necessary prior knowledge for PU learning. Finally, three public data sets were used for experiments. Under the condition of only one type of label data, abnormal samples in the data to be detected were found through PU learning. Meanwhile, PU learning is compared with some existing models to verify the effectiveness of PU learning.