Abstract
Against the background of the deep integration of industrialization and informatization, industrial control networks face severe and continuous malicious penetration and network attacks, which pose a great threat to national security and industrial production. Detecting malicious attacks on industrial control networks and efficiently distinguishing normal data from attack data has therefore become a hot research issue. The energy system attack data set from the SCADA laboratory of Mississippi State University is used as the primary research object for industrial control network intrusion detection. By comparing the accuracy, missed alarm rate, false alarm rate and other important indicators of different machine learning algorithms, the XGBoost algorithm is found to have the best comprehensive performance. To further improve the efficiency of intrusion detection, a wrapper feature selection method for XGBoost is proposed, which simplifies the data set while highlighting the importance of different features in intrusion detection. The results show that the XGBoost algorithm combined with wrapper feature selection can solve the intrusion detection problem effectively and improve the efficiency of intrusion detection, which verifies the validity and scientific soundness of this method.
Authors
HE Kan (何戡)
QU Chao (曲超)
ZONG Xue-jun (宗学军)
ZHENG Hong-yu (郑洪宇)
JI Sheng-long (纪胜龙)
Affiliations: College of Information Engineering, Shenyang University of Chemical Technology, Shenyang 110142, China; School of Intelligent Manufacturing, Huanghai University, HuangHuai University, Zhumadian 463000, China; QiAn Xin Technology Group Co., Ltd., Beijing 100000, China
Source
Journal of Chinese Computer Systems (《小型微型计算机系统》)
Indexed in: CSCD; Peking University Core Journals
2021, Issue 2, pp. 437-442 (6 pages)
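Funding
Supported by the 2019 Liaoning Province Higher Education Innovation Team Support Program (LT2019010).
Supported by the 2020 Liaoning Province Key Research and Development Program (2020JH2/10100035).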
Keywords
industrial control network
machine learning
intrusion detection
threat hunting
feature selection