基于组合神经网络的启发式工控系统异常检测模型

Heuristic Anomaly Detection Model of Industrial Control System Based on Combined Neural Network

作者：唐彰国(四川师范大学网络与通信技术研究所)；李焕洲(四川师范大学网络与通信技术研究所)；张健(四川师范大学网络与通信技术研究所)

Author：TANG Zhang-Guo(Institute of Computer Network and Communication Technology, Sichuan Normal University)；LI Huan-Zhou(Institute of Computer Network and Communication Technology, Sichuan Normal University)；zhang jian(Institute of Computer Network and Communication Technology, Sichuan Normal University)

收稿日期：2017-01-14 年卷（期）页码：2017,54(4):735-741

期刊名称：四川大学学报: 自然科学版

Journal Name：Journal of Sichuan University (Natural Science Edition)

关键字：异常检测；组合神经网络；工控系统；启发式；模型

Key words：anomaly detection; combined neural network; industrial control system; heuristic; model

基金项目：四川省教育厅青年基金项目（１５ＺＢ００２６）

中文摘要

为了提高工控系统入侵的检测率，讨论了传统工控入侵检测技术的原理，并从信息论的观点进行了对比研究。通过对工控系统特异性及其攻击手法的建模，归纳出工控攻击在协议栈、统计特性、通信行为等方面表现出的动态和静态指纹，基于一种新的异构信息的抽象方法，提出并实现了一个基于组合神经网络的启发式工控系统异常检测模型。测试结果表明该检测模型运行高效，相比一般智能方法检测结果更为准确。

英文摘要

In order to improve the intrusion detection rate of industrial control system, the principle of traditional industrial intrusion detection technology is discussed, and the comparative study is done from the viewpoint of information theory. The dynamic and static fingerprints of industrial control attacks in the protocol stack, statistical characteristics, and communication behavior are summarized based on the modeling of the specificity of the industrial control system and the attack methods. Based on a new abstract method of heterogeneous information, a heuristic industrial control system anomaly detection model based on combinatorial neural network is implemented. The test results show that the proposed model is more efficient, and the results are more accurate than the conventional intelligent methods.

【关闭】

论文摘要

基于组合神经网络的启发式工控系统异常检测模型

Heuristic Anomaly Detection Model of Industrial Control System Based on Combined Neural Network