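Abstract
To improve the detection accuracy of anomalous traffic in industrial networks, a traffic anomaly detection scheme based on structural time series analysis is proposed. Industrial Ethernet traffic is decomposed into different components and, supported by state space models, the complex network traffic is modeled hierarchically, which effectively improves the detection accuracy for anomalous traffic in industrial networks and lowers the false positive rate. Compared with the traditional X-12 structural time series analysis method, the average accuracy rises by 38%, so the proposed method markedly improves the efficiency of anomaly detection systems.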
To improve the detection accuracy of malicious traffic in industrial control systems (ICS), an innovative approach based on a structural time series model is proposed. Industrial Ethernet traffic can be decomposed into four components. Each component is modeled by its own state space model, which yields high fitting precision. Compared with X-12, the average positive rate of this method therefore increases by 38%. In the meantime, this method provides a way to decrease the false positive rate and time complexity.
Source
《北京工业大学学报》
CAS
CSCD
Peking University Core Journal
2015, Issue 2, pp. 200-206 (7 pages)
Journal of Beijing University of Technology
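Funding
Funded project of the Beijing Municipal Program for Deepening Talent Development in Institutions of Higher Education (PHR201108016)
Funded project of the Open Fund of the Beijing Key Laboratory of Trusted Computing
Keywords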
industrial control systems
industrial Ethernet traffic
structural time series model
state space model