文档介绍:: .
计算机工程与算法提取流量数据的时间序列特征,以检测更
加隐蔽的攻击。TCPDC 在 Electra 数据集上评估性能,实验结果证明了迁移学****在跨协议构建入侵检测
模型方面的可行性和有效性。
关键词:迁移学**** 入侵检测; 工业控制系统; 长短期记忆网络
文献标志码:A 中图分类号:; TP399 doi:.1002--0127
Research on Cross-Protocol Industrial Control Intrusion Detection System
FANG Guoqing, ZHANG Yaxian, YU Dan, MA Yao, CHEN Yongle
College of Information and Computer, Taiyuan University of Technology, Jinzhong, Shanxi 030600, China
Abstract:Industrial control systems are faced with severe security threats. Machine learning-based intrusion de-
tection technology relies on a large amount of labeled data. However, industrial control systems lack labeled data
and have many communication protocols. Data under different communication protocols are not universal. To solve
the above problems, a timing-sensitive cross-protocol domain confusion industrial control intrusion detection model
(TCPDC) is proposed. The model uses the domain confusion technique of transfer learning to minimize the distribu-
tion difference of traffic data under different communication protocols, transfer the knowledge learned under the old
communication protocol to the new communication protocol, and only use a small amount of unknown information
under the new communication protocol. By labeling the data, a high-accuracy intrusion detection model can be con-
structed. In addition, in order to achieve fine-grained identification of attack data, the model uses the Long
Short-Term Memory (LSTM) algorithm to extract the time-series features of traffic data to detect more stealthy at-
tacks. TCPDC evaluates the performance on the Electra dataset, and the experimental results demonstrate the feasi-
bility and effectiveness of transfer learn